Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1540590
MD5:07fb99b5324ed101f9ee2b563c5a7b21
SHA1:5a88bfb58a261299919f42446ca2fba32a6366ea
SHA256:89ab0e926d3c2d8502322e7c325b2d0b978a65ce075868f63280636ebeb932aa
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 5908 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 07FB99B5324ED101F9EE2B563C5A7B21)
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["clearancek.site", "licendfilteo.site", "eaglepawnoy.store", "dissapoiznw.store", "spirittunek.store", "bathdoomgaz.store", "studennotediw.store", "mobbipenju.store"], "Build id": "BRx--R"}
SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security
    No Sigma rule has matched
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-23T23:53:02.325321+020020564771Domain Observed Used for C2 Detected192.168.2.5577721.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-23T23:53:02.235056+020020564711Domain Observed Used for C2 Detected192.168.2.5599621.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-23T23:53:02.302691+020020564811Domain Observed Used for C2 Detected192.168.2.5530781.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-23T23:53:02.286359+020020564831Domain Observed Used for C2 Detected192.168.2.5566401.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-23T23:53:02.350903+020020564731Domain Observed Used for C2 Detected192.168.2.5521821.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-23T23:53:02.272655+020020564851Domain Observed Used for C2 Detected192.168.2.5616521.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-23T23:53:02.337886+020020564751Domain Observed Used for C2 Detected192.168.2.5651921.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-23T23:53:02.313855+020020564791Domain Observed Used for C2 Detected192.168.2.5588491.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-23T23:53:03.955444+020028586661Domain Observed Used for C2 Detected192.168.2.549704104.102.49.254443TCP

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Source: file.exeAvira: detected
    Source: file.exe.5908.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["clearancek.site", "licendfilteo.site", "eaglepawnoy.store", "dissapoiznw.store", "spirittunek.store", "bathdoomgaz.store", "studennotediw.store", "mobbipenju.store"], "Build id": "BRx--R"}
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Source: file.exeJoe Sandbox ML: detected
    Source: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: licendfilteo.site
    Source: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: spirittunek.store
    Source: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: bathdoomgaz.store
    Source: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: studennotediw.store
    Source: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: dissapoiznw.store
    Source: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: eaglepawnoy.store
    Source: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: mobbipenju.store
    Source: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49704 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_001E50FA
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_001AD110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_001AD110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_001E63B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h0_2_001E695B
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_001E99D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]0_2_001AFCA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_001B0EEC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, dword ptr [edx]0_2_001A1000
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then dec ebx0_2_001DF030
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_001B6F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_001E4040
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_001E6094
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_001CD1E1
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_001C2260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [esi], ax0_2_001C2260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_001B42FC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, eax0_2_001AA300
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_001D23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_001D23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_001D23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], al0_2_001D23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_001D23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+14h]0_2_001D23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 00000000h0_2_001BB410
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_001CE40C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_001BD457
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]0_2_001E1440
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_001CC470
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_001E64B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_001C9510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_001B6536
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh0_2_001E7520
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]0_2_001A8590
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_001DB650
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_001CE66A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [edi+eax]0_2_001E7710
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_001E5700
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_001CD7AF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]0_2_001E67EF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_001C28E9
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h0_2_001E3920
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h0_2_001BD961
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_001A49A0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_001B1A3C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_001A5A50
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_001E4A40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_001B1ACD
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+000006B8h]0_2_001BDB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h0_2_001BDB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_001E9B60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_001D0B80
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_001B1BEE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_001B3BE2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h0_2_001C7C00
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh0_2_001DFC20
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [eax+esi+02h], 0000h0_2_001CEC48
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_001CAC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], ax0_2_001CAC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h0_2_001CCCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_001CCCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h0_2_001CCCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_001E9CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh0_2_001E9CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh0_2_001CFD10
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_001CDD29
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_001E8D8A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edi, ecx0_2_001B4E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, word ptr [ecx]0_2_001CAE57
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_001C5E70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_001C7E60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_001B1E93
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ebx], 00000000h0_2_001B6EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [ebp+00h]0_2_001ABEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]0_2_001A6EA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_001DFF70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_001C9F62
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_001B6F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], 0000h0_2_001BFFDF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_001E5FD6
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_001A8FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h0_2_001E7FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_001E7FC0

    Networking

    barindex
    Source: Network trafficSuricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.5:65192 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.5:58849 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.5:56640 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.5:53078 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.5:57772 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.5:61652 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.5:59962 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.5:52182 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49704 -> 104.102.49.254:443
    Source: Malware configuration extractorURLs: clearancek.site
    Source: Malware configuration extractorURLs: licendfilteo.site
    Source: Malware configuration extractorURLs: eaglepawnoy.store
    Source: Malware configuration extractorURLs: dissapoiznw.store
    Source: Malware configuration extractorURLs: spirittunek.store
    Source: Malware configuration extractorURLs: bathdoomgaz.store
    Source: Malware configuration extractorURLs: studennotediw.store
    Source: Malware configuration extractorURLs: mobbipenju.store
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewASN Name: AKAMAI-ASUS AKAMAI-ASUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cb9e7f3651c38ac41ccf738a8ba3498dc; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=74a3572305bfc63debaa5668; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type26105Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveWed, 23 Oct 2024 21:53:03 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: clearancek.site
    Source: global trafficDNS traffic detected: DNS query: mobbipenju.store
    Source: global trafficDNS traffic detected: DNS query: eaglepawnoy.store
    Source: global trafficDNS traffic detected: DNS query: dissapoiznw.store
    Source: global trafficDNS traffic detected: DNS query: studennotediw.store
    Source: global trafficDNS traffic detected: DNS query: bathdoomgaz.store
    Source: global trafficDNS traffic detected: DNS query: spirittunek.store
    Source: global trafficDNS traffic detected: DNS query: licendfilteo.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082248642.0000000001373000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082248642.0000000001373000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082248642.0000000001373000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082248642.0000000001373000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=e
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082248642.0000000001373000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082248642.0000000001373000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082248642.0000000001373000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BX
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082248642.0000000001373000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082248642.0000000001373000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: file.exe, 00000000.00000003.2080904765.00000000013D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/6
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082248642.0000000001373000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: file.exe, 00000000.00000003.2080904765.0000000001390000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: file.exe, 00000000.00000002.2082369029.0000000001390000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080904765.0000000001390000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/765611997243319002
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: file.exe, 00000000.00000002.2082369029.0000000001390000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080904765.0000000001390000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/zI9
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: file.exe, 00000000.00000003.2080904765.00000000013D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cb9e7f3651c38ac4
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082248642.0000000001373000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080904765.0000000001378000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49704 version: TLS 1.2

    System Summary

    barindex
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001B02280_2_001B0228
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001A10000_2_001A1000
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001B20300_2_001B2030
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F0650_2_0036F065
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E40400_2_001E4040
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001EA0D00_2_001EA0D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002551080_2_00255108
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001A51600_2_001A5160
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002791880_2_00279188
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001AE1A00_2_001AE1A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003741E90_2_003741E9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001A71F00_2_001A71F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001D82D00_2_001D82D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001D12D00_2_001D12D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001A12F70_2_001A12F7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001AA3000_2_001AA300
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001A13A30_2_001A13A3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001AB3A00_2_001AB3A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001D23E00_2_001D23E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001CC4700_2_001CC470
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001B049B0_2_001B049B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001B44870_2_001B4487
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001D64F00_2_001D64F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001A85900_2_001A8590
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001A35B00_2_001A35B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001BC5F00_2_001BC5F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003796300_2_00379630
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036D6190_2_0036D619
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001DF6200_2_001DF620
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E86520_2_001E8652
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003726790_2_00372679
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001A164F0_2_001A164F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E86F00_2_001E86F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002237130_2_00223713
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001AA8500_2_001AA850
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001D18600_2_001D1860
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003778900_2_00377890
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001DE8A00_2_001DE8A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001DB8C00_2_001DB8C0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001C098B0_2_001C098B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E89A00_2_001E89A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0035F9CC0_2_0035F9CC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E4A400_2_001E4A40
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036BAB40_2_0036BAB4
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E8A800_2_001E8A80
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E7AB00_2_001E7AB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00370B340_2_00370B34
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001BDB6F0_2_001BDB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001A7BF00_2_001A7BF0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002D5BC30_2_002D5BC3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E8C020_2_001E8C02
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E6CBF0_2_001E6CBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001CCCD00_2_001CCCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001CFD100_2_001CFD10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001CDD290_2_001CDD29
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001C8D620_2_001C8D62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001B4E2A0_2_001B4E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001CAE570_2_001CAE57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E8E700_2_001E8E70
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001B6EBF0_2_001B6EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001ABEB00_2_001ABEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001AAF100_2_001AAF10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00375F4F0_2_00375F4F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001A8FD00_2_001A8FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E7FC00_2_001E7FC0
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 001BD300 appears 152 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 001ACAA0 appears 48 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exeStatic PE information: Section: ZLIB complexity 0.9995616749174917
    Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@9/1
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001D8220 CoCreateInstance,0_2_001D8220
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
    Source: file.exeStatic file information: File size 2971136 > 1048576
    Source: file.exeStatic PE information: Raw size of gffzywxl is bigger than: 0x100000 < 0x2ac000

    Data Obfuscation

    barindex
    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.1a0000.0.unpack :EW;.rsrc :W;.idata :W;gffzywxl:EW;qbkarait:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;gffzywxl:EW;qbkarait:EW;.taggant:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
    Source: file.exeStatic PE information: real checksum: 0x2da93d should be: 0x2db35b
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name: gffzywxl
    Source: file.exeStatic PE information: section name: qbkarait
    Source: file.exeStatic PE information: section name: .taggant
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push 5EF95320h; mov dword ptr [esp], ebp0_2_0036F081
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push ebp; mov dword ptr [esp], ecx0_2_0036F0E2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push eax; mov dword ptr [esp], edx0_2_0036F11E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push ebp; mov dword ptr [esp], eax0_2_0036F147
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push edi; mov dword ptr [esp], 79FF7C40h0_2_0036F1A2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push edx; mov dword ptr [esp], 4DE6E845h0_2_0036F206
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push esi; mov dword ptr [esp], 731279F5h0_2_0036F293
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push ebx; mov dword ptr [esp], 77FF8055h0_2_0036F2E4
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push ebp; mov dword ptr [esp], 2BA30CE1h0_2_0036F310
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push 6A7626AEh; mov dword ptr [esp], edi0_2_0036F360
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push 0BC1E46Eh; mov dword ptr [esp], esi0_2_0036F431
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push ebp; mov dword ptr [esp], 2DEACA22h0_2_0036F435
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push ebx; mov dword ptr [esp], 4674EF03h0_2_0036F48A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push 738E5470h; mov dword ptr [esp], esp0_2_0036F49C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push 3ED39A13h; mov dword ptr [esp], ecx0_2_0036F530
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push 3F00ADA3h; mov dword ptr [esp], ebp0_2_0036F5BC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push 06FFDCF0h; mov dword ptr [esp], ebp0_2_0036F5CF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push esi; mov dword ptr [esp], eax0_2_0036F61B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push ebp; mov dword ptr [esp], ecx0_2_0036F7DD
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push ebx; mov dword ptr [esp], eax0_2_0036F816
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push esi; mov dword ptr [esp], 76F6AEF3h0_2_0036F827
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push 63E7F822h; mov dword ptr [esp], ebp0_2_0036F8E1
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push 1583E300h; mov dword ptr [esp], esp0_2_0036F8EF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push edi; mov dword ptr [esp], esp0_2_0036F911
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push 7918A7F2h; mov dword ptr [esp], ebp0_2_0036F94A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push 3732026Fh; mov dword ptr [esp], esi0_2_0036F9FF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push 1AB9DEBDh; mov dword ptr [esp], ebx0_2_0036FAD7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push ebp; mov dword ptr [esp], ecx0_2_0036FBA9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push 0DECDB5Ch; mov dword ptr [esp], esi0_2_0036FBDB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push edi; mov dword ptr [esp], ecx0_2_0036FBEE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0036F065 push edx; mov dword ptr [esp], edi0_2_0036FC15
    Source: file.exeStatic PE information: section name: entropy: 7.985961036007736

    Boot Survival

    barindex
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior

    Malware Analysis System Evasion

    barindex
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 203CB8 second address: 203CD3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F40FB1367h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 203CD3 second address: 203CD8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 380196 second address: 3801A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38045D second address: 380461 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 381F41 second address: 381F45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 381F45 second address: 381F49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 381F49 second address: 381F53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 381F53 second address: 381FC5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 je 00007F1F41150C3Ch 0x0000000e push edx 0x0000000f jmp 00007F1F41150C34h 0x00000014 pop edx 0x00000015 nop 0x00000016 push 00000000h 0x00000018 push ebp 0x00000019 call 00007F1F41150C28h 0x0000001e pop ebp 0x0000001f mov dword ptr [esp+04h], ebp 0x00000023 add dword ptr [esp+04h], 0000001Ch 0x0000002b inc ebp 0x0000002c push ebp 0x0000002d ret 0x0000002e pop ebp 0x0000002f ret 0x00000030 push 00000000h 0x00000032 call 00007F1F41150C2Dh 0x00000037 mov esi, dword ptr [ebp+122D2B55h] 0x0000003d pop edx 0x0000003e call 00007F1F41150C29h 0x00000043 push eax 0x00000044 push edx 0x00000045 jl 00007F1F41150C2Ch 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 381FC5 second address: 381FC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 381FC9 second address: 381FCF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 381FCF second address: 382002 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F40FB135Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edi 0x0000000d jmp 00007F1F40FB135Bh 0x00000012 pop edi 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 pushad 0x00000018 push edi 0x00000019 push eax 0x0000001a pop eax 0x0000001b pop edi 0x0000001c push eax 0x0000001d push edx 0x0000001e jng 00007F1F40FB1356h 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 382002 second address: 38201D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F41150C2Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [eax] 0x0000000c pushad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38201D second address: 382025 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 382025 second address: 382089 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c jng 00007F1F41150C2Ah 0x00000012 push esi 0x00000013 push edi 0x00000014 pop edi 0x00000015 pop esi 0x00000016 pop eax 0x00000017 xor dword ptr [ebp+122D2521h], esi 0x0000001d push 00000003h 0x0000001f xor edx, 1AA70AF0h 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push edx 0x0000002a call 00007F1F41150C28h 0x0000002f pop edx 0x00000030 mov dword ptr [esp+04h], edx 0x00000034 add dword ptr [esp+04h], 00000017h 0x0000003c inc edx 0x0000003d push edx 0x0000003e ret 0x0000003f pop edx 0x00000040 ret 0x00000041 mov cx, di 0x00000044 push 00000003h 0x00000046 add cx, 03C8h 0x0000004b xor dword ptr [ebp+122D1E1Fh], esi 0x00000051 call 00007F1F41150C29h 0x00000056 pushad 0x00000057 push eax 0x00000058 push edx 0x00000059 push eax 0x0000005a push edx 0x0000005b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 382089 second address: 38208D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38208D second address: 3820AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F41150C33h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007F1F41150C26h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3820AC second address: 3820C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jo 00007F1F40FB1360h 0x0000000f jmp 00007F1F40FB135Ah 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3820C9 second address: 3820DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007F1F41150C26h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3820DE second address: 3820E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3820E2 second address: 3820E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3820E8 second address: 382174 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F1F40FB1361h 0x00000008 jmp 00007F1F40FB135Bh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov eax, dword ptr [eax] 0x00000011 jmp 00007F1F40FB1366h 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a jmp 00007F1F40FB135Eh 0x0000001f pop eax 0x00000020 call 00007F1F40FB1369h 0x00000025 mov dword ptr [ebp+122D2285h], edi 0x0000002b pop ecx 0x0000002c movsx esi, cx 0x0000002f lea ebx, dword ptr [ebp+12451DE2h] 0x00000035 mov dword ptr [ebp+122D399Fh], edi 0x0000003b xchg eax, ebx 0x0000003c jmp 00007F1F40FB135Dh 0x00000041 push eax 0x00000042 pushad 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007F1F40FB135Bh 0x0000004a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 382174 second address: 38217D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38221B second address: 3822A6 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F1F40FB1356h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d jng 00007F1F40FB1356h 0x00000013 popad 0x00000014 popad 0x00000015 xor dword ptr [esp], 4D981CCDh 0x0000001c jmp 00007F1F40FB1366h 0x00000021 push 00000003h 0x00000023 push 00000000h 0x00000025 push edx 0x00000026 call 00007F1F40FB1358h 0x0000002b pop edx 0x0000002c mov dword ptr [esp+04h], edx 0x00000030 add dword ptr [esp+04h], 0000001Dh 0x00000038 inc edx 0x00000039 push edx 0x0000003a ret 0x0000003b pop edx 0x0000003c ret 0x0000003d pushad 0x0000003e sub dword ptr [ebp+122D1DD4h], edi 0x00000044 mov dx, 105Dh 0x00000048 popad 0x00000049 push 00000000h 0x0000004b movzx esi, cx 0x0000004e pushad 0x0000004f mov ecx, dword ptr [ebp+122D2E2Ah] 0x00000055 adc bx, 78C4h 0x0000005a popad 0x0000005b push 00000003h 0x0000005d call 00007F1F40FB1359h 0x00000062 jl 00007F1F40FB135Eh 0x00000068 push esi 0x00000069 push eax 0x0000006a push edx 0x0000006b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3822A6 second address: 3822BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d popad 0x0000000e pop eax 0x0000000f popad 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 push edx 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3822BE second address: 3822D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F1F40FB135Bh 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3822D9 second address: 3822EE instructions: 0x00000000 rdtsc 0x00000002 jg 00007F1F41150C28h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3823D2 second address: 3823D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3823D6 second address: 382438 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F1F41150C26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b jmp 00007F1F41150C38h 0x00000010 pop esi 0x00000011 popad 0x00000012 mov dword ptr [esp], eax 0x00000015 pushad 0x00000016 clc 0x00000017 mov ecx, edi 0x00000019 popad 0x0000001a push 00000000h 0x0000001c call 00007F1F41150C38h 0x00000021 pushad 0x00000022 mov al, dh 0x00000024 mov dword ptr [ebp+122D1BF4h], edi 0x0000002a popad 0x0000002b pop edx 0x0000002c mov dword ptr [ebp+122D39A9h], edi 0x00000032 push 732AC36Ch 0x00000037 pushad 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 382438 second address: 38243C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38243C second address: 382446 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 382446 second address: 3824AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F40FB1365h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xor dword ptr [esp], 732AC3ECh 0x00000011 mov dword ptr [ebp+122D377Eh], edi 0x00000017 push 00000003h 0x00000019 mov edx, dword ptr [ebp+122D2E01h] 0x0000001f push 00000000h 0x00000021 jmp 00007F1F40FB135Eh 0x00000026 mov esi, dword ptr [ebp+122D2DD1h] 0x0000002c push 00000003h 0x0000002e ja 00007F1F40FB135Bh 0x00000034 push DF016A70h 0x00000039 jbe 00007F1F40FB1368h 0x0000003f push eax 0x00000040 push edx 0x00000041 jo 00007F1F40FB1356h 0x00000047 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3824AB second address: 3824AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A1852 second address: 3A1857 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A1857 second address: 3A1880 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F1F41150C2Ch 0x00000008 jg 00007F1F41150C26h 0x0000000e jnp 00007F1F41150C34h 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A1880 second address: 3A1886 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A1886 second address: 3A18AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F41150C36h 0x00000009 popad 0x0000000a jmp 00007F1F41150C2Ch 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A19E6 second address: 3A19EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A1B53 second address: 3A1B58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A1B58 second address: 3A1B62 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F1F40FB136Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A1E28 second address: 3A1E2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A1E2C second address: 3A1E4E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F40FB1368h 0x00000007 jc 00007F1F40FB1356h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A1E4E second address: 3A1E53 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A1E53 second address: 3A1E59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A1E59 second address: 3A1E5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A2130 second address: 3A2136 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A2136 second address: 3A2145 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jg 00007F1F41150C26h 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A2145 second address: 3A214B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A214B second address: 3A2166 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edx 0x0000000b jmp 00007F1F41150C2Bh 0x00000010 pop edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A2166 second address: 3A216A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A216A second address: 3A217E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007F1F41150C26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e je 00007F1F41150C26h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A217E second address: 3A218E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jne 00007F1F40FB1356h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A218E second address: 3A21A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F41150C2Eh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A28D6 second address: 3A28DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A28DC second address: 3A28E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A28E0 second address: 3A28E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A28E4 second address: 3A2906 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jmp 00007F1F41150C34h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A2906 second address: 3A290C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A290C second address: 3A2918 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A2A78 second address: 3A2A7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A2A7C second address: 3A2A82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 398568 second address: 39856C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 375811 second address: 37581E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F1F41150C26h 0x0000000a push eax 0x0000000b pop eax 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37581E second address: 37582A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jp 00007F1F40FB1356h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A3315 second address: 3A3319 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A3319 second address: 3A331E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A331E second address: 3A3358 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F1F41150C38h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push edi 0x0000001b push edi 0x0000001c je 00007F1F41150C26h 0x00000022 pop edi 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A3358 second address: 3A335C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A34BC second address: 3A34C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A34C0 second address: 3A34C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A8C77 second address: 3A8C7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A8DD0 second address: 3A8DD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A8DD4 second address: 3A8DD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A8DD8 second address: 3A8DFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F1F40FB135Fh 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 js 00007F1F40FB1360h 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A8DFC second address: 3A8E1E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F1F41150C38h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A8E1E second address: 3A8E24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A75DF second address: 3A75E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A7D2D second address: 3A7D31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A8EEE second address: 3A8EF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A8EF2 second address: 3A8EF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A8EF6 second address: 3A8EFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A8EFC second address: 3A8F01 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A8F01 second address: 3A8F0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A8F0D second address: 3A8F3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F1F40FB1356h 0x0000000a popad 0x0000000b jmp 00007F1F40FB1368h 0x00000010 popad 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 push edi 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AA1A7 second address: 3AA1AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AA1AD second address: 3AA1B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AA1B3 second address: 3AA1B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AED57 second address: 3AED5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AE11B second address: 3AE121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AE121 second address: 3AE126 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AE126 second address: 3AE142 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jns 00007F1F41150C26h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 push edi 0x0000001a pop edi 0x0000001b popad 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AE478 second address: 3AE4A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F40FB1365h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F1F40FB1360h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AE4A3 second address: 3AE4A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AE4A7 second address: 3AE4C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F40FB1367h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AE5F4 second address: 3AE5FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AE5FA second address: 3AE5FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AE914 second address: 3AE930 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F1F41150C2Eh 0x0000000d popad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AEBC9 second address: 3AEBDA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jo 00007F1F40FB1356h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AEBDA second address: 3AEBE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jnc 00007F1F41150C26h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AEBE9 second address: 3AEBF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AEBF6 second address: 3AEC14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F41150C39h 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AEC14 second address: 3AEC29 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F1F40FB135Eh 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B0B46 second address: 3B0B4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B0D94 second address: 3B0D9B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B10C4 second address: 3B10D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007F1F41150C2Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B14CB second address: 3B14CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B14CF second address: 3B14D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B1582 second address: 3B1586 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B1586 second address: 3B15AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e jmp 00007F1F41150C30h 0x00000013 xchg eax, ebx 0x00000014 nop 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B15AB second address: 3B15AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B1660 second address: 3B1665 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B1665 second address: 3B1675 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1F40FB135Ch 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B1675 second address: 3B1679 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B1861 second address: 3B1867 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B1A3B second address: 3B1A41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B1A41 second address: 3B1A49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B2C55 second address: 3B2C5B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B3CB6 second address: 3B3CBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B47BF second address: 3B47C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B7FFA second address: 3B8009 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B8009 second address: 3B800D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B800D second address: 3B8013 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 372141 second address: 372168 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F41150C39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007F1F41150C26h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 372168 second address: 37218F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F40FB135Ch 0x00000007 jmp 00007F1F40FB1362h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edi 0x00000010 pop edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BAA30 second address: 3BAA34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BE212 second address: 3BE216 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C07F8 second address: 3C0813 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F41150C37h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C0813 second address: 3C081D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F1F40FB1356h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C23FD second address: 3C2407 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F1F41150C26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C33F9 second address: 3C33FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C33FD second address: 3C3403 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C3403 second address: 3C3482 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F1F40FB1363h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jns 00007F1F40FB136Eh 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 call 00007F1F40FB1358h 0x0000001b pop esi 0x0000001c mov dword ptr [esp+04h], esi 0x00000020 add dword ptr [esp+04h], 00000015h 0x00000028 inc esi 0x00000029 push esi 0x0000002a ret 0x0000002b pop esi 0x0000002c ret 0x0000002d call 00007F1F40FB135Ah 0x00000032 mov bx, 1071h 0x00000036 pop edi 0x00000037 push ecx 0x00000038 and bl, FFFFFFA0h 0x0000003b pop edi 0x0000003c push 00000000h 0x0000003e xor edi, 5A67D631h 0x00000044 push 00000000h 0x00000046 mov dword ptr [ebp+122D348Bh], ecx 0x0000004c xchg eax, esi 0x0000004d pushad 0x0000004e push ecx 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C3482 second address: 3C348F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007F1F41150C26h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C25AA second address: 3C264B instructions: 0x00000000 rdtsc 0x00000002 jno 00007F1F40FB1362h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F1F40FB1364h 0x00000010 nop 0x00000011 mov ebx, dword ptr [ebp+122D3968h] 0x00000017 push dword ptr fs:[00000000h] 0x0000001e mov dword ptr [ebp+122D2285h], edi 0x00000024 mov dword ptr fs:[00000000h], esp 0x0000002b mov bx, 2DE0h 0x0000002f mov eax, dword ptr [ebp+122D03A1h] 0x00000035 js 00007F1F40FB135Bh 0x0000003b push FFFFFFFFh 0x0000003d push 00000000h 0x0000003f push eax 0x00000040 call 00007F1F40FB1358h 0x00000045 pop eax 0x00000046 mov dword ptr [esp+04h], eax 0x0000004a add dword ptr [esp+04h], 0000001Dh 0x00000052 inc eax 0x00000053 push eax 0x00000054 ret 0x00000055 pop eax 0x00000056 ret 0x00000057 or dword ptr [ebp+122D39A9h], ecx 0x0000005d push eax 0x0000005e push eax 0x0000005f push edx 0x00000060 jmp 00007F1F40FB1366h 0x00000065 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C4390 second address: 3C439C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C439C second address: 3C43A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C36D6 second address: 3C36DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C5315 second address: 3C531B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C531B second address: 3C5334 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F1F41150C26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jnp 00007F1F41150C26h 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C72EC second address: 3C7306 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F1F40FB1362h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C843B second address: 3C8441 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C7554 second address: 3C7565 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F1F40FB1356h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3C7565 second address: 3C756A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3CA560 second address: 3CA58C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push edi 0x0000000b jmp 00007F1F40FB135Dh 0x00000010 pop edi 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F1F40FB1361h 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3CB74B second address: 3CB74F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3CD6C9 second address: 3CD6EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F1F40FB1368h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3CC8EC second address: 3CC8F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3CC9D8 second address: 3CCA09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F40FB1369h 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnl 00007F1F40FB1360h 0x00000013 jmp 00007F1F40FB135Ah 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3CEB13 second address: 3CEB17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3CEB17 second address: 3CEB1D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3CD7EF second address: 3CD7FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F41150C2Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3CD8A4 second address: 3CD8C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F40FB1369h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3CD8C1 second address: 3CD8C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3CD8C7 second address: 3CD8CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D578B second address: 3D5793 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D4EB7 second address: 3D4EC0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D5037 second address: 3D5043 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F1F41150C26h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D5043 second address: 3D5054 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 push edi 0x00000009 pop edi 0x0000000a jg 00007F1F40FB1356h 0x00000010 popad 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D5054 second address: 3D506D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F1F41150C32h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D51F6 second address: 3D5202 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F1F40FB1356h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D5202 second address: 3D520D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D520D second address: 3D5211 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D5211 second address: 3D5217 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3D5380 second address: 3D5398 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F1F40FB1356h 0x00000009 jmp 00007F1F40FB135Dh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DA513 second address: 3DA540 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F1F41150C26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jo 00007F1F41150C26h 0x00000014 push edx 0x00000015 pop edx 0x00000016 popad 0x00000017 pop edx 0x00000018 mov eax, dword ptr [esp+04h] 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f jmp 00007F1F41150C2Bh 0x00000024 push edx 0x00000025 pop edx 0x00000026 popad 0x00000027 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DA540 second address: 3DA554 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F40FB135Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DA6F5 second address: 3DA738 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jp 00007F1F41150C38h 0x0000000c pushad 0x0000000d jmp 00007F1F41150C2Eh 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 mov eax, dword ptr [esp+04h] 0x00000019 jmp 00007F1F41150C39h 0x0000001e mov eax, dword ptr [eax] 0x00000020 push eax 0x00000021 push edx 0x00000022 push edx 0x00000023 pushad 0x00000024 popad 0x00000025 pop edx 0x00000026 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DA8CD second address: 3DA8D7 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F1F40FB1356h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DA8D7 second address: 3DA8DC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E158E second address: 3E159C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F1F40FB1356h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E08D0 second address: 3E08D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E0EE7 second address: 3E0EEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E0EEB second address: 3E0F12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F41150C35h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jnp 00007F1F41150C2Ch 0x00000011 jc 00007F1F41150C26h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E0F12 second address: 3E0F30 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F40FB1363h 0x00000007 pushad 0x00000008 jo 00007F1F40FB1356h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E13DF second address: 3E1411 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F41150C37h 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F1F41150C33h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E1411 second address: 3E1415 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BB3C1 second address: 398568 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F1F41150C31h 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push eax 0x00000012 call 00007F1F41150C28h 0x00000017 pop eax 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c add dword ptr [esp+04h], 00000016h 0x00000024 inc eax 0x00000025 push eax 0x00000026 ret 0x00000027 pop eax 0x00000028 ret 0x00000029 mov dword ptr [ebp+122D251Bh], esi 0x0000002f call dword ptr [ebp+122D360Dh] 0x00000035 jno 00007F1F41150C3Dh 0x0000003b jbe 00007F1F41150C4Ch 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BB9E4 second address: 3BBA13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F1F40FB1356h 0x0000000a popad 0x0000000b pop edi 0x0000000c mov eax, dword ptr [eax] 0x0000000e push ecx 0x0000000f jbe 00007F1F40FB135Ch 0x00000015 jp 00007F1F40FB1356h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F1F40FB135Bh 0x00000029 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BBA13 second address: 3BBA17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BBA17 second address: 3BBA1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BBB12 second address: 3BBB17 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BBBEE second address: 3BBC1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F1F40FB1367h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F1F40FB135Ch 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BBC1C second address: 3BBC22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BC610 second address: 3BC615 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BC615 second address: 3BC669 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F41150C38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b jmp 00007F1F41150C38h 0x00000010 pop edi 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 pushad 0x00000016 push ebx 0x00000017 pushad 0x00000018 popad 0x00000019 pop ebx 0x0000001a push ebx 0x0000001b jo 00007F1F41150C26h 0x00000021 pop ebx 0x00000022 popad 0x00000023 mov eax, dword ptr [eax] 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 jns 00007F1F41150C26h 0x0000002e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BC71A second address: 3BC77C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push esi 0x00000007 jnl 00007F1F40FB1366h 0x0000000d pop esi 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push ebp 0x00000012 call 00007F1F40FB1358h 0x00000017 pop ebp 0x00000018 mov dword ptr [esp+04h], ebp 0x0000001c add dword ptr [esp+04h], 00000019h 0x00000024 inc ebp 0x00000025 push ebp 0x00000026 ret 0x00000027 pop ebp 0x00000028 ret 0x00000029 call 00007F1F40FB135Eh 0x0000002e mov dh, al 0x00000030 pop ecx 0x00000031 lea eax, dword ptr [ebp+1248B0B1h] 0x00000037 nop 0x00000038 push eax 0x00000039 push edx 0x0000003a push edi 0x0000003b jp 00007F1F40FB1356h 0x00000041 pop edi 0x00000042 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BC77C second address: 3BC7E2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jc 00007F1F41150C26h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f js 00007F1F41150C26h 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 pushad 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b push edx 0x0000001c pop edx 0x0000001d popad 0x0000001e popad 0x0000001f nop 0x00000020 push 00000000h 0x00000022 push edx 0x00000023 call 00007F1F41150C28h 0x00000028 pop edx 0x00000029 mov dword ptr [esp+04h], edx 0x0000002d add dword ptr [esp+04h], 00000016h 0x00000035 inc edx 0x00000036 push edx 0x00000037 ret 0x00000038 pop edx 0x00000039 ret 0x0000003a sbb ecx, 19880AE1h 0x00000040 lea eax, dword ptr [ebp+1248B06Dh] 0x00000046 sub dword ptr [ebp+122D1C58h], edi 0x0000004c add edi, 26B796A7h 0x00000052 nop 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007F1F41150C2Dh 0x0000005a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BC7E2 second address: 3BC7FF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F40FB135Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jo 00007F1F40FB135Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BC7FF second address: 399092 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 nop 0x00000006 push 00000000h 0x00000008 push ebp 0x00000009 call 00007F1F41150C28h 0x0000000e pop ebp 0x0000000f mov dword ptr [esp+04h], ebp 0x00000013 add dword ptr [esp+04h], 00000014h 0x0000001b inc ebp 0x0000001c push ebp 0x0000001d ret 0x0000001e pop ebp 0x0000001f ret 0x00000020 call 00007F1F41150C33h 0x00000025 push edi 0x00000026 mov edx, dword ptr [ebp+122D2573h] 0x0000002c pop ecx 0x0000002d pop edi 0x0000002e je 00007F1F41150C2Ah 0x00000034 mov cx, 0F0Eh 0x00000038 call dword ptr [ebp+122D3909h] 0x0000003e pushad 0x0000003f pushad 0x00000040 jmp 00007F1F41150C33h 0x00000045 push edx 0x00000046 pop edx 0x00000047 jmp 00007F1F41150C2Fh 0x0000004c popad 0x0000004d push eax 0x0000004e jc 00007F1F41150C26h 0x00000054 jmp 00007F1F41150C2Ch 0x00000059 pop eax 0x0000005a jmp 00007F1F41150C30h 0x0000005f popad 0x00000060 push eax 0x00000061 push edx 0x00000062 pushad 0x00000063 pushad 0x00000064 popad 0x00000065 push eax 0x00000066 push edx 0x00000067 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 399092 second address: 3990A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F1F40FB135Bh 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3990A4 second address: 3990BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1F41150C33h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36EBDD second address: 36EBE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E4F84 second address: 3E4FA1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F41150C2Bh 0x00000007 pushad 0x00000008 jmp 00007F1F41150C2Dh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E4FA1 second address: 3E4FDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F1F40FB1356h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jnp 00007F1F40FB1360h 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 pushad 0x00000018 popad 0x00000019 jmp 00007F1F40FB1369h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E4FDF second address: 3E4FE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E5147 second address: 3E515E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F1F40FB1360h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E52E8 second address: 3E5316 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F1F41150C35h 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007F1F41150C26h 0x00000010 jmp 00007F1F41150C2Fh 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E5994 second address: 3E59B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F40FB135Dh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F1F40FB135Eh 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37A8D7 second address: 37A8DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EA3B7 second address: 3EA3CE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F1F40FB1361h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EA3CE second address: 3EA3D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EA3D5 second address: 3EA401 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a push edi 0x0000000b pop edi 0x0000000c jmp 00007F1F40FB135Dh 0x00000011 jmp 00007F1F40FB135Ch 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pushad 0x0000001a push ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EA401 second address: 3EA424 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edi 0x00000006 jmp 00007F1F41150C32h 0x0000000b jc 00007F1F41150C26h 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 push esi 0x00000015 pop esi 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EA54E second address: 3EA585 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F40FB135Eh 0x00000009 jmp 00007F1F40FB1365h 0x0000000e popad 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 jmp 00007F1F40FB135Ah 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EA585 second address: 3EA589 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EA82B second address: 3EA835 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F1F40FB1356h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EA0BF second address: 3EA0C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F152B second address: 3F1535 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F1F40FB1356h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F1535 second address: 3F153B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F153B second address: 3F1547 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 js 00007F1F40FB1356h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F03B5 second address: 3F03E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jc 00007F1F41150C2Ah 0x0000000d push esi 0x0000000e pop esi 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007F1F41150C33h 0x00000016 jl 00007F1F41150C2Eh 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F0ED7 second address: 3F0EE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F0EE2 second address: 3F0EF2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F1F41150C2Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F0EF2 second address: 3F0F0C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jmp 00007F1F40FB135Dh 0x0000000a jne 00007F1F40FB1356h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F124F second address: 3F1254 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F1254 second address: 3F1264 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 js 00007F1F40FB135Eh 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F41D6 second address: 3F41DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F41DC second address: 3F41F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F40FB1369h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FB67E second address: 3FB69A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F1F41150C2Ch 0x0000000c jnl 00007F1F41150C26h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jne 00007F1F41150C26h 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FB69A second address: 3FB6AA instructions: 0x00000000 rdtsc 0x00000002 jp 00007F1F40FB1356h 0x00000008 jc 00007F1F40FB1356h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FB257 second address: 3FB25B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FB379 second address: 3FB3B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ebx 0x00000007 push esi 0x00000008 jmp 00007F1F40FB1364h 0x0000000d jo 00007F1F40FB1356h 0x00000013 pop esi 0x00000014 jmp 00007F1F40FB1367h 0x00000019 push ecx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37735D second address: 377363 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 377363 second address: 377367 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FE146 second address: 3FE14A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FE14A second address: 3FE168 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F1F40FB135Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f je 00007F1F40FB1356h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FE168 second address: 3FE16C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FE324 second address: 3FE328 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4032A6 second address: 4032E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F41150C2Dh 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e pushad 0x0000000f jg 00007F1F41150C32h 0x00000015 push esi 0x00000016 pop esi 0x00000017 jmp 00007F1F41150C2Ah 0x0000001c pushad 0x0000001d push ecx 0x0000001e pop ecx 0x0000001f jmp 00007F1F41150C33h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 403881 second address: 403895 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F1F40FB135Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 403895 second address: 403899 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4097FB second address: 4097FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4097FF second address: 409807 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 409807 second address: 409846 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F40FB1362h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jg 00007F1F40FB135Ah 0x00000010 push edx 0x00000011 pop edx 0x00000012 pushad 0x00000013 popad 0x00000014 jl 00007F1F40FB1366h 0x0000001a jnc 00007F1F40FB135Ch 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 408188 second address: 408193 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 408835 second address: 40886B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 push edx 0x0000000a jns 00007F1F40FB1356h 0x00000010 pop edx 0x00000011 pop edx 0x00000012 ja 00007F1F40FB137Ah 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F1F40FB1366h 0x0000001f jnc 00007F1F40FB1356h 0x00000025 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BC115 second address: 3BC1D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F1F41150C26h 0x00000009 jnc 00007F1F41150C26h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 je 00007F1F41150C2Eh 0x00000019 je 00007F1F41150C28h 0x0000001f pushad 0x00000020 popad 0x00000021 nop 0x00000022 push 00000000h 0x00000024 push esi 0x00000025 call 00007F1F41150C28h 0x0000002a pop esi 0x0000002b mov dword ptr [esp+04h], esi 0x0000002f add dword ptr [esp+04h], 0000001Ch 0x00000037 inc esi 0x00000038 push esi 0x00000039 ret 0x0000003a pop esi 0x0000003b ret 0x0000003c mov dx, 8861h 0x00000040 mov dword ptr [ebp+122D1DCBh], esi 0x00000046 mov ebx, dword ptr [ebp+1248B0ACh] 0x0000004c mov dword ptr [ebp+122D3471h], edi 0x00000052 add eax, ebx 0x00000054 push 00000000h 0x00000056 push ebx 0x00000057 call 00007F1F41150C28h 0x0000005c pop ebx 0x0000005d mov dword ptr [esp+04h], ebx 0x00000061 add dword ptr [esp+04h], 00000015h 0x00000069 inc ebx 0x0000006a push ebx 0x0000006b ret 0x0000006c pop ebx 0x0000006d ret 0x0000006e xor edx, dword ptr [ebp+122D3630h] 0x00000074 nop 0x00000075 jnc 00007F1F41150C45h 0x0000007b push eax 0x0000007c pushad 0x0000007d jmp 00007F1F41150C36h 0x00000082 pushad 0x00000083 push eax 0x00000084 push edx 0x00000085 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BC1D7 second address: 3BC221 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F1F40FB1356h 0x0000000a popad 0x0000000b popad 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F1F40FB1358h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000016h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 add dword ptr [ebp+124525B4h], edi 0x0000002d jg 00007F1F40FB135Ch 0x00000033 push 00000004h 0x00000035 mov edi, dword ptr [ebp+122D2C75h] 0x0000003b nop 0x0000003c push edi 0x0000003d pushad 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BC221 second address: 3BC227 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 40CB37 second address: 40CB3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 40CCC6 second address: 40CCCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 40CCCC second address: 40CCD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 40CCD0 second address: 40CCD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 40CCD6 second address: 40CCFA instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F1F40FB135Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F1F40FB1364h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 40CCFA second address: 40CD13 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F41150C35h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 40CD13 second address: 40CD22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 40CD22 second address: 40CD40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jnp 00007F1F41150C39h 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 40CD40 second address: 40CD6F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F40FB1361h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F1F40FB1368h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 40CEC8 second address: 40CEE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007F1F41150C37h 0x0000000c pop ebx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 40CEE7 second address: 40CF25 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F1F40FB1361h 0x00000008 pushad 0x00000009 popad 0x0000000a pop esi 0x0000000b jmp 00007F1F40FB1366h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 jno 00007F1F40FB1356h 0x0000001b je 00007F1F40FB1356h 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 40D31F second address: 40D338 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F41150C35h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 40D338 second address: 40D368 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F1F40FB1361h 0x0000000a jmp 00007F1F40FB1366h 0x0000000f popad 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 40D368 second address: 40D36E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 40D36E second address: 40D37F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jc 00007F1F40FB135Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 40D37F second address: 40D38F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F1F41150C2Ch 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 416BCB second address: 416BE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F40FB135Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnp 00007F1F40FB1356h 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 414B47 second address: 414B4D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 414B4D second address: 414B5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007F1F40FB1358h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 414B5E second address: 414B64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 414B64 second address: 414B75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F40FB135Dh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 415A68 second address: 415A86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jnp 00007F1F41150C2Eh 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jne 00007F1F41150C26h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 415A86 second address: 415A8C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 415A8C second address: 415A97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 415A97 second address: 415A9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 415A9C second address: 415AA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 415D81 second address: 415DC0 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F1F40FB135Eh 0x00000008 jc 00007F1F40FB1356h 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007F1F40FB135Ch 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 jg 00007F1F40FB135Ch 0x0000001f jmp 00007F1F40FB1363h 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4181EA second address: 4181FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F1F41150C2Fh 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4181FE second address: 418205 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36B5E3 second address: 36B5ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 41B502 second address: 41B508 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 41B508 second address: 41B518 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jns 00007F1F41150C26h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e popad 0x0000000f pop eax 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 41B518 second address: 41B559 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F1F40FB135Ah 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b pushad 0x0000000c jmp 00007F1F40FB1366h 0x00000011 jmp 00007F1F40FB1361h 0x00000016 js 00007F1F40FB1356h 0x0000001c popad 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 41B559 second address: 41B55F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 41B6E8 second address: 41B70F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F40FB1365h 0x00000007 jns 00007F1F40FB1356h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 je 00007F1F40FB1356h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 41B994 second address: 41B9AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F41150C35h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 41BB49 second address: 41BB69 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a pop eax 0x0000000b jmp 00007F1F40FB1360h 0x00000010 push eax 0x00000011 pop eax 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 41BB69 second address: 41BB6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 41BB6E second address: 41BBA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F40FB1369h 0x00000009 pop eax 0x0000000a push edx 0x0000000b jbe 00007F1F40FB1356h 0x00000011 jg 00007F1F40FB1356h 0x00000017 pop edx 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push edi 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 41BBA1 second address: 41BBAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F1F41150C26h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 42BAAE second address: 42BAB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ebx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 42BAB5 second address: 42BAD1 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F1F41150C3Eh 0x00000008 jmp 00007F1F41150C32h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 42BAD1 second address: 42BAF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F1F40FB1360h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f jc 00007F1F40FB1356h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 42BAF2 second address: 42BAF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 42A1A7 second address: 42A1EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F40FB1368h 0x00000007 push edx 0x00000008 jmp 00007F1F40FB1365h 0x0000000d pop edx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ebx 0x00000011 push edx 0x00000012 jo 00007F1F40FB1356h 0x00000018 pop edx 0x00000019 jc 00007F1F40FB135Eh 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 42A8DD second address: 42A8F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F1F41150C26h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007F1F41150C2Ah 0x00000014 pushad 0x00000015 popad 0x00000016 push edx 0x00000017 pop edx 0x00000018 push ecx 0x00000019 pushad 0x0000001a popad 0x0000001b pop ecx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 42AA68 second address: 42AA82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F40FB135Fh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4297CC second address: 4297D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4297D4 second address: 4297DD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4297DD second address: 4297E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4297E3 second address: 4297F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ecx 0x00000008 pushad 0x00000009 push esi 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 42FCB8 second address: 42FCBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 42FCBE second address: 42FCF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F40FB1368h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F1F40FB1368h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 42FCF7 second address: 42FD03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 42FD03 second address: 42FD35 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F40FB135Eh 0x00000007 jmp 00007F1F40FB1360h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jnc 00007F1F40FB135Ch 0x00000014 jc 00007F1F40FB1356h 0x0000001a push eax 0x0000001b push edx 0x0000001c push edx 0x0000001d pop edx 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 42FD35 second address: 42FD39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 432BB6 second address: 432BC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F1F40FB1356h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 432D60 second address: 432D89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F41150C36h 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007F1F41150C2Ch 0x00000010 pop eax 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 432D89 second address: 432D97 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F1F40FB1358h 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 432D97 second address: 432DB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F41150C38h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 432F39 second address: 432F3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 432F3F second address: 432F49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F1F41150C26h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 44223E second address: 44224D instructions: 0x00000000 rdtsc 0x00000002 jne 00007F1F40FB1356h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 44224D second address: 44228F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007F1F41150C37h 0x0000000b jmp 00007F1F41150C37h 0x00000010 push eax 0x00000011 pop eax 0x00000012 popad 0x00000013 popad 0x00000014 jo 00007F1F41150C4Ah 0x0000001a push eax 0x0000001b push edx 0x0000001c push esi 0x0000001d pop esi 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 441D71 second address: 441DA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F1F40FB1356h 0x0000000a jmp 00007F1F40FB1365h 0x0000000f jmp 00007F1F40FB135Ah 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jo 00007F1F40FB1356h 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4442B0 second address: 4442B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4442B4 second address: 4442BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4442BE second address: 4442C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4442C2 second address: 4442C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 444052 second address: 44405C instructions: 0x00000000 rdtsc 0x00000002 ja 00007F1F41150C2Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 452351 second address: 452356 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 452356 second address: 452360 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F1F41150C2Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 452360 second address: 452376 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F1F40FB135Eh 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 452376 second address: 45237A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 45237A second address: 4523AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e jno 00007F1F40FB1356h 0x00000014 popad 0x00000015 jng 00007F1F40FB1358h 0x0000001b pushad 0x0000001c popad 0x0000001d jmp 00007F1F40FB135Fh 0x00000022 js 00007F1F40FB135Eh 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 452223 second address: 452229 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 452229 second address: 45223A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 push esi 0x00000006 pop esi 0x00000007 pop ebx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 popad 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4539D7 second address: 4539DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 45AB58 second address: 45AB5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 45AB5C second address: 45ABB3 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F1F41150C26h 0x00000008 jmp 00007F1F41150C38h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jmp 00007F1F41150C36h 0x00000015 jmp 00007F1F41150C33h 0x0000001a push eax 0x0000001b pop eax 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f jbe 00007F1F41150C26h 0x00000025 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 45AD0C second address: 45AD10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 45AE6C second address: 45AEB7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F41150C38h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F1F41150C2Fh 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F1F41150C2Fh 0x00000016 jmp 00007F1F41150C2Eh 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 45AEB7 second address: 45AEE2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F40FB1362h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jbe 00007F1F40FB1362h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 45B076 second address: 45B07A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 45B1D6 second address: 45B1E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edi 0x00000008 push edx 0x00000009 pushad 0x0000000a jl 00007F1F40FB1356h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BB373 second address: 3BB3C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 mov dword ptr [esp], eax 0x00000008 mov edi, dword ptr [ebp+122D2DBDh] 0x0000000e lea eax, dword ptr [ebp+1248B06Dh] 0x00000014 push 00000000h 0x00000016 push edi 0x00000017 call 00007F1F41150C28h 0x0000001c pop edi 0x0000001d mov dword ptr [esp+04h], edi 0x00000021 add dword ptr [esp+04h], 0000001Ch 0x00000029 inc edi 0x0000002a push edi 0x0000002b ret 0x0000002c pop edi 0x0000002d ret 0x0000002e je 00007F1F41150C2Ah 0x00000034 mov dx, 97F9h 0x00000038 sbb edi, 6902092Dh 0x0000003e push eax 0x0000003f pushad 0x00000040 push eax 0x00000041 push edx 0x00000042 pushad 0x00000043 popad 0x00000044 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 45EDEE second address: 45EE09 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F40FB1361h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 45EE09 second address: 45EE0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 470602 second address: 47060D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F1F40FB1356h 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47060D second address: 470619 instructions: 0x00000000 rdtsc 0x00000002 je 00007F1F41150C2Eh 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 472F7F second address: 472F97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F40FB1360h 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 46E3A6 second address: 46E3C1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F1F41150C35h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 46E3C1 second address: 46E403 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop edi 0x00000007 jng 00007F1F40FB1356h 0x0000000d popad 0x0000000e jne 00007F1F40FB1364h 0x00000014 jmp 00007F1F40FB135Eh 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e jmp 00007F1F40FB1369h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 46E403 second address: 46E420 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F41150C2Ah 0x00000009 jns 00007F1F41150C26h 0x0000000f popad 0x00000010 push edx 0x00000011 jbe 00007F1F41150C26h 0x00000017 pop edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 46E420 second address: 46E460 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F1F40FB136Dh 0x00000008 jmp 00007F1F40FB1367h 0x0000000d pushad 0x0000000e jmp 00007F1F40FB1361h 0x00000013 jmp 00007F1F40FB135Dh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 480EFA second address: 480EFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 480EFE second address: 480F0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F1F40FB1356h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 480F0E second address: 480F24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F41150C32h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A4D3 second address: 49A4F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jmp 00007F1F40FB1366h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A77A second address: 49A78A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1F41150C2Ch 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A78A second address: 49A798 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F1F40FB1356h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A798 second address: 49A79C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49AE41 second address: 49AE61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 ja 00007F1F40FB1356h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pop eax 0x00000010 push esi 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 pop esi 0x00000016 jc 00007F1F40FB135Eh 0x0000001c push esi 0x0000001d pop esi 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49E1AF second address: 49E1C1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnc 00007F1F41150C28h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49E1C1 second address: 49E1CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F1F40FB1356h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A1324 second address: 4A1345 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1F41150C2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jbe 00007F1F41150C26h 0x00000011 jns 00007F1F41150C26h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A1345 second address: 4A1364 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F1F40FB1366h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A2F7B second address: 4A2F8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 pushad 0x00000007 popad 0x00000008 pop edi 0x00000009 jnc 00007F1F41150C2Eh 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230AFE second address: 5230B04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230B04 second address: 5230B08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230B08 second address: 5230B0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230B0C second address: 5230B56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, dword ptr [eax+00000FDCh] 0x0000000e pushad 0x0000000f mov bx, A0B8h 0x00000013 push eax 0x00000014 push edx 0x00000015 pushfd 0x00000016 jmp 00007F1F41150C37h 0x0000001b add cl, 0000007Eh 0x0000001e jmp 00007F1F41150C39h 0x00000023 popfd 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230B56 second address: 5230B8F instructions: 0x00000000 rdtsc 0x00000002 mov bh, al 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 test ecx, ecx 0x00000009 jmp 00007F1F40FB1363h 0x0000000e jns 00007F1F40FB13B8h 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F1F40FB1365h 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230B8F second address: 5230B97 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230B97 second address: 5230C3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 add eax, ecx 0x00000009 pushad 0x0000000a jmp 00007F1F40FB1362h 0x0000000f call 00007F1F40FB1362h 0x00000014 call 00007F1F40FB1362h 0x00000019 pop ecx 0x0000001a pop edx 0x0000001b popad 0x0000001c mov eax, dword ptr [eax+00000860h] 0x00000022 jmp 00007F1F40FB135Eh 0x00000027 test eax, eax 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007F1F40FB135Dh 0x00000032 sub cx, AA36h 0x00000037 jmp 00007F1F40FB1361h 0x0000003c popfd 0x0000003d pushfd 0x0000003e jmp 00007F1F40FB1360h 0x00000043 sub ax, A958h 0x00000048 jmp 00007F1F40FB135Bh 0x0000004d popfd 0x0000004e popad 0x0000004f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230C3B second address: 5230C53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1F41150C34h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5230C53 second address: 5230C79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F1FB17F745Ah 0x0000000e pushad 0x0000000f mov edi, 515541D0h 0x00000014 push eax 0x00000015 push edx 0x00000016 call 00007F1F40FB135Fh 0x0000001b pop ecx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 203D21 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 203C38 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 3CEB48 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 4348C8 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 6664Thread sleep time: -60000s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 6664Thread sleep time: -30000s >= -30000sJump to behavior
    Source: file.exe, file.exe, 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: file.exe, 00000000.00000002.2082248642.000000000133E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWX
    Source: file.exe, 00000000.00000002.2082369029.000000000139C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080904765.000000000139C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW<2
    Source: file.exe, 00000000.00000002.2082441705.00000000013C5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080904765.00000000013C5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: file.exe, 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001E5BB0 LdrInitializeThunk,0_2_001E5BB0

    HIPS / PFW / Operating System Protection Evasion

    barindex
    Source: file.exeString found in binary or memory: clearancek.site
    Source: file.exeString found in binary or memory: licendfilteo.site
    Source: file.exeString found in binary or memory: spirittunek.store
    Source: file.exeString found in binary or memory: bathdoomgaz.store
    Source: file.exeString found in binary or memory: studennotediw.store
    Source: file.exeString found in binary or memory: dissapoiznw.store
    Source: file.exeString found in binary or memory: eaglepawnoy.store
    Source: file.exeString found in binary or memory: mobbipenju.store
    Source: file.exe, file.exe, 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: vProgram Manager
    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    barindex
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
    Command and Scripting Interpreter
    1
    DLL Side-Loading
    1
    Process Injection
    24
    Virtualization/Sandbox Evasion
    OS Credential Dumping631
    Security Software Discovery
    Remote Services1
    Archive Collected Data
    11
    Encrypted Channel
    Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts1
    PowerShell
    Boot or Logon Initialization Scripts1
    DLL Side-Loading
    1
    Process Injection
    LSASS Memory24
    Virtualization/Sandbox Evasion
    Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer
    Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information
    Security Account Manager2
    Process Discovery
    SMB/Windows Admin SharesData from Network Shared Drive2
    Non-Application Layer Protocol
    Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
    Obfuscated Files or Information
    NTDS23
    System Information Discovery
    Distributed Component Object ModelInput Capture113
    Application Layer Protocol
    Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
    Software Packing
    LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading
    Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand
    SourceDetectionScannerLabelLink
    file.exe100%AviraTR/Crypt.TPM.Gen
    file.exe100%Joe Sandbox ML
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
    SourceDetectionScannerLabelLink
    https://player.vimeo.com0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://recaptcha.net/recaptcha/;0%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://medal.tv0%URL Reputationsafe
    https://broadcast.st.dl.eccdnx.com0%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://login.steampowered.com/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe
    https://steam.tv/0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://recaptcha.net0%URL Reputationsafe
    https://store.steampowered.com/0%URL Reputationsafe
    https://lv.queniujq.cn0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620160%URL Reputationsafe
    https://checkout.steampowered.com/0%URL Reputationsafe
    https://help.steampowered.com/0%URL Reputationsafe
    https://api.steampowered.com/0%URL Reputationsafe
    http://store.steampowered.com/account/cookiepreferences/0%URL Reputationsafe
    https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://store.steampowered.com/mobile0%URL Reputationsafe
    https://store.steampowered.com/;0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe
    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    104.102.49.254
    truetrue
      unknown
      eaglepawnoy.store
      unknown
      unknowntrue
        unknown
        bathdoomgaz.store
        unknown
        unknowntrue
          unknown
          spirittunek.store
          unknown
          unknowntrue
            unknown
            licendfilteo.site
            unknown
            unknowntrue
              unknown
              studennotediw.store
              unknown
              unknowntrue
                unknown
                mobbipenju.store
                unknown
                unknowntrue
                  unknown
                  clearancek.site
                  unknown
                  unknowntrue
                    unknown
                    dissapoiznw.store
                    unknown
                    unknowntrue
                      unknown
                      NameMaliciousAntivirus DetectionReputation
                      bathdoomgaz.storetrue
                        unknown
                        studennotediw.storetrue
                          unknown
                          clearancek.sitetrue
                            unknown
                            dissapoiznw.storetrue
                              unknown
                              https://steamcommunity.com/profiles/76561199724331900true
                                unknown
                                spirittunek.storetrue
                                  unknown
                                  licendfilteo.sitetrue
                                    unknown
                                    eaglepawnoy.storetrue
                                      unknown
                                      mobbipenju.storetrue
                                        unknown
                                        NameSourceMaliciousAntivirus DetectionReputation
                                        https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpfalse
                                          unknown
                                          https://player.vimeo.comfile.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          unknown
                                          https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                            unknown
                                            https://steamcommunity.com/?subsection=broadcastsfile.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpfalse
                                              unknown
                                              https://help.steampowered.com/en/file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcVfile.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                unknown
                                                https://steamcommunity.com/market/file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  unknown
                                                  https://store.steampowered.com/news/file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://www.gstatic.cn/recaptcha/file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  http://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082248642.0000000001373000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082248642.0000000001373000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    unknown
                                                    https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082248642.0000000001373000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      unknown
                                                      https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuXfile.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082248642.0000000001373000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        unknown
                                                        https://recaptcha.net/recaptcha/;file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEfile.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          unknown
                                                          http://www.valvesoftware.com/legal.htmfile.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          unknown
                                                          https://steamcommunity.com/discussions/file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            unknown
                                                            https://www.youtube.comfile.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              unknown
                                                              https://www.google.comfile.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                unknown
                                                                https://store.steampowered.com/stats/file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&amp;l=englisfile.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  unknown
                                                                  https://medal.tvfile.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  unknown
                                                                  https://broadcast.st.dl.eccdnx.comfile.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  unknown
                                                                  https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&ampfile.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    unknown
                                                                    https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?vfile.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      unknown
                                                                      https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pfile.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        unknown
                                                                        https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackfile.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080904765.0000000001378000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          unknown
                                                                          https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            unknown
                                                                            https://s.ytimg.com;file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              unknown
                                                                              https://steamcommunity.com/workshop/file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                unknown
                                                                                https://login.steampowered.com/file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                https://steamcommunity.com/6file.exe, 00000000.00000003.2080904765.00000000013D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  unknown
                                                                                  https://store.steampowered.com/legal/file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082248642.0000000001373000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://steam.tv/file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&amp;l=englfile.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    unknown
                                                                                    https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&amp;l=file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      unknown
                                                                                      https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BXfile.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082248642.0000000001373000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        unknown
                                                                                        https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&amp;file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          unknown
                                                                                          https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&amp;l=english&amfile.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            unknown
                                                                                            http://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082248642.0000000001373000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cb9e7f3651c38ac4file.exe, 00000000.00000003.2080904765.00000000013D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                unknown
                                                                                                https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&amp;l=englifile.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  unknown
                                                                                                  https://store.steampowered.com/points/shop/file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://recaptcha.netfile.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://store.steampowered.com/file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&amp;l=efile.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://steamcommunity.comfile.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082248642.0000000001373000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&amp;file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        https://sketchfab.comfile.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://lv.queniujq.cnfile.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          https://www.youtube.com/file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            http://127.0.0.1:27060file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              https://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngfile.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://steamcommunity.com/zI9file.exe, 00000000.00000002.2082369029.0000000001390000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080904765.0000000001390000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082248642.0000000001373000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    https://www.google.com/recaptcha/file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      unknown
                                                                                                                      https://checkout.steampowered.com/file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      https://help.steampowered.com/file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      https://api.steampowered.com/file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28bfile.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082248642.0000000001373000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        unknown
                                                                                                                        http://store.steampowered.com/account/cookiepreferences/file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2082248642.0000000001373000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080864927.0000000001409000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        https://store.steampowered.com/mobilefile.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        https://steamcommunity.com/file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          unknown
                                                                                                                          https://steamcommunity.com/profiles/765611997243319002file.exe, 00000000.00000002.2082369029.0000000001390000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2080904765.0000000001390000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            https://store.steampowered.com/;file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            unknown
                                                                                                                            https://store.steampowered.com/about/file.exe, 00000000.00000003.2080864927.000000000140F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            unknown
                                                                                                                            https://community.cloudflare.steamstatic.com/file.exe, 00000000.00000002.2082441705.00000000013D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              unknown
                                                                                                                              • No. of IPs < 25%
                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                              • 75% < No. of IPs
                                                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                                                              104.102.49.254
                                                                                                                              steamcommunity.comUnited States
                                                                                                                              16625AKAMAI-ASUStrue
                                                                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                                                                              Analysis ID:1540590
                                                                                                                              Start date and time:2024-10-23 23:52:06 +02:00
                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                              Overall analysis duration:0h 2m 43s
                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                              Report type:full
                                                                                                                              Cookbook file name:default.jbs
                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                              Number of analysed new started processes analysed:2
                                                                                                                              Number of new started drivers analysed:0
                                                                                                                              Number of existing processes analysed:0
                                                                                                                              Number of existing drivers analysed:0
                                                                                                                              Number of injected processes analysed:0
                                                                                                                              Technologies:
                                                                                                                              • HCA enabled
                                                                                                                              • EGA enabled
                                                                                                                              • AMSI enabled
                                                                                                                              Analysis Mode:default
                                                                                                                              Analysis stop reason:Timeout
                                                                                                                              Sample name:file.exe
                                                                                                                              Detection:MAL
                                                                                                                              Classification:mal100.troj.evad.winEXE@1/0@9/1
                                                                                                                              EGA Information:
                                                                                                                              • Successful, ratio: 100%
                                                                                                                              HCA Information:Failed
                                                                                                                              Cookbook Comments:
                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                              • Stop behavior analysis, all processes terminated
                                                                                                                              • Exclude process from analysis (whitelisted): dllhost.exe
                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                              • VT rate limit hit for: file.exe
                                                                                                                              TimeTypeDescription
                                                                                                                              17:53:01API Interceptor3x Sleep call for process: file.exe modified
                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                              104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                                              • www.valvesoftware.com/legal.htm
                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                              steamcommunity.comfile.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              xxJfSec58P.exeGet hashmaliciousVidarBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              UMrFwHyjUi.exeGet hashmaliciousVidarBrowse
                                                                                                                              • 92.122.104.90
                                                                                                                              b157p9L0c1.exeGet hashmaliciousVidarBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              PFlJLzFUqH.exeGet hashmaliciousVidarBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                              AKAMAI-ASUShttps://merzcon-my.sharepoint.com/:f:/g/personal/cnico_merzcon_onmicrosoft_com/EmjHG5K9dP9BtgBBeTTFhjABJRRLGM6IhVrJlwBTMWY8rg?e=pfkS1fGet hashmaliciousUnknownBrowse
                                                                                                                              • 23.38.98.96
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              https://printwithwave.co:443,*Get hashmaliciousUnknownBrowse
                                                                                                                              • 2.19.126.198
                                                                                                                              Demande de proposition du CPE Les Coquins.pdfGet hashmaliciousUnknownBrowse
                                                                                                                              • 2.19.126.163
                                                                                                                              Demande de proposition du CPE Les Coquins.pdfGet hashmaliciousUnknownBrowse
                                                                                                                              • 2.19.126.163
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/b%C2%ADr%C2%ADi%C2%ADa%C2%ADn%C2%ADs%C2%ADd%C2%ADr%C2%ADe%C2%ADn%C2%ADn%C2%ADa%C2%ADn%C2%ADm%C2%ADo%C2%AD.%C2%ADc%C2%ADo%C2%ADm%C2%AD.%C2%ADp%C2%ADl/ZsS8z/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                              • 2.19.126.198
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                              • 23.210.234.207
                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                              a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              044SqLy1H3.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              wRcmIT6Eji.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              qfq0JTpoq9.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              W1WowSI1iG.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              No context
                                                                                                                              No created / dropped files found
                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                              Entropy (8bit):6.53854702132829
                                                                                                                              TrID:
                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                              File name:file.exe
                                                                                                                              File size:2'971'136 bytes
                                                                                                                              MD5:07fb99b5324ed101f9ee2b563c5a7b21
                                                                                                                              SHA1:5a88bfb58a261299919f42446ca2fba32a6366ea
                                                                                                                              SHA256:89ab0e926d3c2d8502322e7c325b2d0b978a65ce075868f63280636ebeb932aa
                                                                                                                              SHA512:c4945ff06f72bbabe18e53c633c9ec224eb79dcba748b43a4959fb4e73deb2a292d2a175fcad46dfbeffb5d104a4af2d0e87ac39feab2c6ca3fe3b750021c10c
                                                                                                                              SSDEEP:49152:vxT6sny2s9FeYy/bhzH0xHZPG+oEgFd3SGjeRtwD:5Osny2s9Fe//bhzUxHHo3Dy8D
                                                                                                                              TLSH:E9D55D916A19B2CFE09A27B4D42BCD83697D07FC8F2704D3A92CA4B97D63DC111B9C19
                                                                                                                              File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................0...........@...........................1.....=.-...@.................................W...k..
                                                                                                                              Icon Hash:00928e8e8686b000
                                                                                                                              Entrypoint:0x70d000
                                                                                                                              Entrypoint Section:.taggant
                                                                                                                              Digitally signed:false
                                                                                                                              Imagebase:0x400000
                                                                                                                              Subsystem:windows gui
                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                              DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                              Time Stamp:0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
                                                                                                                              TLS Callbacks:
                                                                                                                              CLR (.Net) Version:
                                                                                                                              OS Version Major:6
                                                                                                                              OS Version Minor:0
                                                                                                                              File Version Major:6
                                                                                                                              File Version Minor:0
                                                                                                                              Subsystem Version Major:6
                                                                                                                              Subsystem Version Minor:0
                                                                                                                              Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                                                                                              Instruction
                                                                                                                              jmp 00007F1F4070813Ah
                                                                                                                              sysenter
                                                                                                                              sub eax, 00000000h
                                                                                                                              add cl, ch
                                                                                                                              add byte ptr [eax], ah
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [edx+ecx], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              xor byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add al, 00h
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              and al, byte ptr [eax]
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              pop es
                                                                                                                              add byte ptr [eax], 00000000h
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              adc byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add al, 0Ah
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x5f0570x6b.idata
                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x5f1f80x8.idata
                                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                                                                                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                              0x10000x5d0000x25e007ff00eceeefed5b8569a7953d5918f14False0.9995616749174917data7.985961036007736IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                              .rsrc 0x5e0000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                              .idata 0x5f0000x10000x200fe72def8b74193a84232a780098a7ce0False0.150390625data1.04205214219471IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                              gffzywxl0x600000x2ac0000x2ac000dde20e135193c82817f9e16932bf8e3bunknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                              qbkarait0x30c0000x10000x400483000ff99c2e2e738de98cb4eb90676False0.7490234375data5.964725058913978IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                              .taggant0x30d0000x30000x22008785f9b73740e516e496760d4fd5c741False0.0625DOS executable (COM)0.7701394751294124IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                              DLLImport
                                                                                                                              kernel32.dlllstrcpy
                                                                                                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                              2024-10-23T23:53:02.235056+02002056471ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)1192.168.2.5599621.1.1.153UDP
                                                                                                                              2024-10-23T23:53:02.272655+02002056485ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)1192.168.2.5616521.1.1.153UDP
                                                                                                                              2024-10-23T23:53:02.286359+02002056483ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)1192.168.2.5566401.1.1.153UDP
                                                                                                                              2024-10-23T23:53:02.302691+02002056481ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)1192.168.2.5530781.1.1.153UDP
                                                                                                                              2024-10-23T23:53:02.313855+02002056479ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)1192.168.2.5588491.1.1.153UDP
                                                                                                                              2024-10-23T23:53:02.325321+02002056477ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)1192.168.2.5577721.1.1.153UDP
                                                                                                                              2024-10-23T23:53:02.337886+02002056475ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)1192.168.2.5651921.1.1.153UDP
                                                                                                                              2024-10-23T23:53:02.350903+02002056473ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)1192.168.2.5521821.1.1.153UDP
                                                                                                                              2024-10-23T23:53:03.955444+02002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.549704104.102.49.254443TCP
                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                              Oct 23, 2024 23:53:02.381284952 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 23, 2024 23:53:02.381355047 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 23, 2024 23:53:02.381457090 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 23, 2024 23:53:02.383002996 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 23, 2024 23:53:02.383042097 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 23, 2024 23:53:03.226547956 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 23, 2024 23:53:03.226658106 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 23, 2024 23:53:03.261780024 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 23, 2024 23:53:03.261862993 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 23, 2024 23:53:03.262309074 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 23, 2024 23:53:03.316124916 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 23, 2024 23:53:03.371373892 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 23, 2024 23:53:03.419328928 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 23, 2024 23:53:03.955497026 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 23, 2024 23:53:03.955559015 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 23, 2024 23:53:03.955579996 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 23, 2024 23:53:03.955626965 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 23, 2024 23:53:03.955665112 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 23, 2024 23:53:03.955687046 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 23, 2024 23:53:03.955727100 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 23, 2024 23:53:03.955770016 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 23, 2024 23:53:03.955770969 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 23, 2024 23:53:03.955770969 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 23, 2024 23:53:03.955806971 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 23, 2024 23:53:03.970762968 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 23, 2024 23:53:03.970848083 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 23, 2024 23:53:03.970979929 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 23, 2024 23:53:03.972659111 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 23, 2024 23:53:03.972697020 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 23, 2024 23:53:03.972723961 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 23, 2024 23:53:03.972738981 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                              Oct 23, 2024 23:53:02.235055923 CEST5996253192.168.2.51.1.1.1
                                                                                                                              Oct 23, 2024 23:53:02.247462034 CEST53599621.1.1.1192.168.2.5
                                                                                                                              Oct 23, 2024 23:53:02.272655010 CEST6165253192.168.2.51.1.1.1
                                                                                                                              Oct 23, 2024 23:53:02.285085917 CEST53616521.1.1.1192.168.2.5
                                                                                                                              Oct 23, 2024 23:53:02.286359072 CEST5664053192.168.2.51.1.1.1
                                                                                                                              Oct 23, 2024 23:53:02.300482035 CEST53566401.1.1.1192.168.2.5
                                                                                                                              Oct 23, 2024 23:53:02.302690983 CEST5307853192.168.2.51.1.1.1
                                                                                                                              Oct 23, 2024 23:53:02.312484026 CEST53530781.1.1.1192.168.2.5
                                                                                                                              Oct 23, 2024 23:53:02.313854933 CEST5884953192.168.2.51.1.1.1
                                                                                                                              Oct 23, 2024 23:53:02.324107885 CEST53588491.1.1.1192.168.2.5
                                                                                                                              Oct 23, 2024 23:53:02.325320959 CEST5777253192.168.2.51.1.1.1
                                                                                                                              Oct 23, 2024 23:53:02.336883068 CEST53577721.1.1.1192.168.2.5
                                                                                                                              Oct 23, 2024 23:53:02.337886095 CEST6519253192.168.2.51.1.1.1
                                                                                                                              Oct 23, 2024 23:53:02.348181009 CEST53651921.1.1.1192.168.2.5
                                                                                                                              Oct 23, 2024 23:53:02.350903034 CEST5218253192.168.2.51.1.1.1
                                                                                                                              Oct 23, 2024 23:53:02.360524893 CEST53521821.1.1.1192.168.2.5
                                                                                                                              Oct 23, 2024 23:53:02.364581108 CEST5019553192.168.2.51.1.1.1
                                                                                                                              Oct 23, 2024 23:53:02.374603033 CEST53501951.1.1.1192.168.2.5
                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                              Oct 23, 2024 23:53:02.235055923 CEST192.168.2.51.1.1.10x4125Standard query (0)clearancek.siteA (IP address)IN (0x0001)false
                                                                                                                              Oct 23, 2024 23:53:02.272655010 CEST192.168.2.51.1.1.10x4fffStandard query (0)mobbipenju.storeA (IP address)IN (0x0001)false
                                                                                                                              Oct 23, 2024 23:53:02.286359072 CEST192.168.2.51.1.1.10x263cStandard query (0)eaglepawnoy.storeA (IP address)IN (0x0001)false
                                                                                                                              Oct 23, 2024 23:53:02.302690983 CEST192.168.2.51.1.1.10x95dStandard query (0)dissapoiznw.storeA (IP address)IN (0x0001)false
                                                                                                                              Oct 23, 2024 23:53:02.313854933 CEST192.168.2.51.1.1.10x2acdStandard query (0)studennotediw.storeA (IP address)IN (0x0001)false
                                                                                                                              Oct 23, 2024 23:53:02.325320959 CEST192.168.2.51.1.1.10x253Standard query (0)bathdoomgaz.storeA (IP address)IN (0x0001)false
                                                                                                                              Oct 23, 2024 23:53:02.337886095 CEST192.168.2.51.1.1.10xacf6Standard query (0)spirittunek.storeA (IP address)IN (0x0001)false
                                                                                                                              Oct 23, 2024 23:53:02.350903034 CEST192.168.2.51.1.1.10x8797Standard query (0)licendfilteo.siteA (IP address)IN (0x0001)false
                                                                                                                              Oct 23, 2024 23:53:02.364581108 CEST192.168.2.51.1.1.10xb58bStandard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                              Oct 23, 2024 23:53:02.247462034 CEST1.1.1.1192.168.2.50x4125Name error (3)clearancek.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 23, 2024 23:53:02.285085917 CEST1.1.1.1192.168.2.50x4fffName error (3)mobbipenju.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 23, 2024 23:53:02.300482035 CEST1.1.1.1192.168.2.50x263cName error (3)eaglepawnoy.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 23, 2024 23:53:02.312484026 CEST1.1.1.1192.168.2.50x95dName error (3)dissapoiznw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 23, 2024 23:53:02.324107885 CEST1.1.1.1192.168.2.50x2acdName error (3)studennotediw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 23, 2024 23:53:02.336883068 CEST1.1.1.1192.168.2.50x253Name error (3)bathdoomgaz.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 23, 2024 23:53:02.348181009 CEST1.1.1.1192.168.2.50xacf6Name error (3)spirittunek.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 23, 2024 23:53:02.360524893 CEST1.1.1.1192.168.2.50x8797Name error (3)licendfilteo.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 23, 2024 23:53:02.374603033 CEST1.1.1.1192.168.2.50xb58bNo error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false
                                                                                                                              • steamcommunity.com
                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              0192.168.2.549704104.102.49.2544435908C:\Users\user\Desktop\file.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-10-23 21:53:03 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                              Connection: Keep-Alive
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                              Host: steamcommunity.com
                                                                                                                              2024-10-23 21:53:03 UTC1917INHTTP/1.1 200 OK
                                                                                                                              Server: nginx
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                              Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Date: Wed, 23 Oct 2024 21:53:03 GMT
                                                                                                                              Content-Length: 26105
                                                                                                                              Connection: close
                                                                                                                              Set-Cookie: sessionid=74a3572305bfc63debaa5668; Path=/; Secure; SameSite=None
                                                                                                                              Set-Cookie: steamCountry=US%7Cb9e7f3651c38ac41ccf738a8ba3498dc; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                              2024-10-23 21:53:03 UTC14467INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                              Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                              2024-10-23 21:53:03 UTC11638INData Raw: 22 3f 6c 3d 74 63 68 69 6e 65 73 65 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 63 68 69 6e 65 73 65 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e7 b9 81 e9 ab 94 e4 b8 ad e6 96 87 20 28 54 72 61 64 69 74 69 6f 6e 61 6c 20 43 68 69 6e 65 73 65 29 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 6a 61 70 61 6e 65 73 65 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6a 61 70 61 6e 65 73 65 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e6 97 a5 e6 9c ac e8 aa 9e 20 28 4a
                                                                                                                              Data Ascii: "?l=tchinese" onclick="ChangeLanguage( 'tchinese' ); return false;"> (Traditional Chinese)</a><a class="popup_menu_item tight" href="?l=japanese" onclick="ChangeLanguage( 'japanese' ); return false;"> (J


                                                                                                                              Click to jump to process

                                                                                                                              Click to jump to process

                                                                                                                              Click to dive into process behavior distribution

                                                                                                                              Target ID:0
                                                                                                                              Start time:17:53:00
                                                                                                                              Start date:23/10/2024
                                                                                                                              Path:C:\Users\user\Desktop\file.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                              Imagebase:0x1a0000
                                                                                                                              File size:2'971'136 bytes
                                                                                                                              MD5 hash:07FB99B5324ED101F9EE2B563C5A7B21
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              Reset < >

                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:1%
                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                Signature Coverage:56.2%
                                                                                                                                Total number of Nodes:48
                                                                                                                                Total number of Limit Nodes:6
                                                                                                                                execution_graph 20722 1b049b 20726 1b0227 20722->20726 20723 1b0455 20729 1e5700 RtlFreeHeap 20723->20729 20726->20723 20727 1b0308 20726->20727 20728 1e5700 RtlFreeHeap 20726->20728 20728->20723 20729->20727 20730 1e673d 20732 1e66aa 20730->20732 20731 1e6793 20732->20731 20735 1e5bb0 LdrInitializeThunk 20732->20735 20734 1e67b3 20735->20734 20736 1e50fa 20737 1e5176 LoadLibraryExW 20736->20737 20739 1e514c 20736->20739 20738 1e518c 20737->20738 20739->20737 20745 1e64b8 20747 1e63f2 20745->20747 20746 1e646e 20747->20746 20749 1e5bb0 LdrInitializeThunk 20747->20749 20749->20746 20750 1ad110 20754 1ad119 20750->20754 20751 1ad2ee ExitProcess 20752 1ad2e9 20757 1e56e0 FreeLibrary 20752->20757 20754->20751 20754->20752 20756 1b0b40 FreeLibrary 20754->20756 20756->20752 20757->20751 20758 1e60d2 20759 1e60fa 20758->20759 20760 1e614e 20759->20760 20764 1e5bb0 LdrInitializeThunk 20759->20764 20763 1e5bb0 LdrInitializeThunk 20760->20763 20763->20760 20764->20760 20778 1e626a 20781 1e628d 20778->20781 20779 1e636e 20780 1e62de 20780->20779 20784 1e5bb0 LdrInitializeThunk 20780->20784 20781->20780 20785 1e5bb0 LdrInitializeThunk 20781->20785 20784->20779 20785->20780 20786 1dd9cb 20788 1dd9fb 20786->20788 20787 1dda65 20788->20787 20790 1e5bb0 LdrInitializeThunk 20788->20790 20790->20788 20791 1afca0 20794 1afcdc 20791->20794 20792 1affe4 20794->20792 20795 1e3220 20794->20795 20796 1e32ac 20795->20796 20797 1e32a2 RtlFreeHeap 20795->20797 20798 1e3236 20795->20798 20796->20792 20797->20796 20798->20797 20799 1e3202 RtlAllocateHeap

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 25 1e50fa-1e514a 26 1e514c-1e514f 25->26 27 1e5176-1e5186 LoadLibraryExW 25->27 28 1e5150-1e5174 call 1e5a50 26->28 29 1e518c-1e51b5 27->29 30 1e52d8-1e5304 27->30 28->27 29->30
                                                                                                                                APIs
                                                                                                                                • LoadLibraryExW.KERNEL32(19A41BB1,00000000,00000800), ref: 001E5182
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LibraryLoad
                                                                                                                                • String ID: <I$)$<I$)$@^
                                                                                                                                • API String ID: 1029625771-935358343
                                                                                                                                • Opcode ID: d2412c8324452fe6dc0c2cafd21ad588660c79c530b3d26a212b8ac0c4d95f38
                                                                                                                                • Instruction ID: 229b99c240bd4f424bc05e1fe5b119a0e793099d4c61d1f71eb0c59aac18c0ee
                                                                                                                                • Opcode Fuzzy Hash: d2412c8324452fe6dc0c2cafd21ad588660c79c530b3d26a212b8ac0c4d95f38
                                                                                                                                • Instruction Fuzzy Hash: D9219D351083848FC300DF68D890B2EB7E5AB6A304F69482CE1C5D7352D736D955CB56

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 33 1afca0-1afcda 34 1afd0b-1afe22 33->34 35 1afcdc-1afcdf 33->35 37 1afe5b-1afe8c 34->37 38 1afe24 34->38 36 1afce0-1afd09 call 1b2690 35->36 36->34 41 1afe8e-1afe8f 37->41 42 1afeb6-1afecf call 1b0b50 37->42 40 1afe30-1afe59 call 1b2760 38->40 40->37 46 1afe90-1afeb4 call 1b2700 41->46 50 1affe4-1affe6 42->50 51 1afed5-1afef8 42->51 46->42 55 1b01b1-1b01bb 50->55 53 1afefa 51->53 54 1aff2b-1aff2d 51->54 56 1aff00-1aff29 call 1b27e0 53->56 57 1aff30-1aff3a 54->57 56->54 59 1aff3c-1aff3f 57->59 60 1aff41-1aff49 57->60 59->57 59->60 62 1aff4f-1aff76 60->62 63 1b01a2-1b01a5 call 1e3220 60->63 65 1affab-1affb5 62->65 66 1aff78 62->66 69 1b01aa-1b01ad 63->69 67 1affeb 65->67 68 1affb7-1affbb 65->68 70 1aff80-1affa9 call 1b2840 66->70 72 1affed-1affef 67->72 71 1affc7-1affcb 68->71 69->55 70->65 75 1b019a 71->75 76 1affd1-1affd8 71->76 72->75 77 1afff5-1b002c 72->77 75->63 78 1affda-1affdc 76->78 79 1affde 76->79 80 1b005b-1b0065 77->80 81 1b002e-1b002f 77->81 78->79 84 1affc0-1affc5 79->84 85 1affe0-1affe2 79->85 82 1b0067-1b006f 80->82 83 1b00a4 80->83 86 1b0030-1b0059 call 1b28a0 81->86 87 1b0087-1b008b 82->87 88 1b00a6-1b00a8 83->88 84->71 84->72 85->84 86->80 87->75 91 1b0091-1b0098 87->91 88->75 92 1b00ae-1b00c5 88->92 93 1b009a-1b009c 91->93 94 1b009e 91->94 95 1b00fb-1b0102 92->95 96 1b00c7 92->96 93->94 99 1b0080-1b0085 94->99 100 1b00a0-1b00a2 94->100 97 1b0130-1b013c 95->97 98 1b0104-1b010d 95->98 101 1b00d0-1b00f9 call 1b2900 96->101 103 1b01c2-1b01c7 97->103 102 1b0117-1b011b 98->102 99->87 99->88 100->99 101->95 102->75 105 1b011d-1b0124 102->105 103->63 107 1b012a 105->107 108 1b0126-1b0128 105->108 109 1b012c-1b012e 107->109 110 1b0110-1b0115 107->110 108->107 109->110 110->102 111 1b0141-1b0143 110->111 111->75 112 1b0145-1b015b 111->112 112->103 113 1b015d-1b015f 112->113 114 1b0163-1b0166 113->114 115 1b0168-1b0188 call 1b2030 114->115 116 1b01bc 114->116 119 1b018a-1b0190 115->119 120 1b0192-1b0198 115->120 116->103 119->114 119->120 120->103
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: J|BJ$V$VY^_$t
                                                                                                                                • API String ID: 0-3701112211
                                                                                                                                • Opcode ID: 6a462e02fa9d68c3e68e4b195a342615253237bcb3405bbbf0dcaddec3603cf9
                                                                                                                                • Instruction ID: 254a18677d6670216766a575b5bef36a454dfabf3e1fc34559e37ad14b531fe9
                                                                                                                                • Opcode Fuzzy Hash: 6a462e02fa9d68c3e68e4b195a342615253237bcb3405bbbf0dcaddec3603cf9
                                                                                                                                • Instruction Fuzzy Hash: 71D1887550C3909BD316DF58C49466FBBE1AF9AB44F18882CF4C98B212C336CD4ADB92

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 157 1ad110-1ad11b call 1e4cc0 160 1ad2ee-1ad2f6 ExitProcess 157->160 161 1ad121-1ad130 call 1dc8d0 157->161 165 1ad2e9 call 1e56e0 161->165 166 1ad136-1ad15f 161->166 165->160 170 1ad161 166->170 171 1ad196-1ad1bf 166->171 172 1ad170-1ad194 call 1ad300 170->172 173 1ad1c1 171->173 174 1ad1f6-1ad20c 171->174 172->171 178 1ad1d0-1ad1f4 call 1ad370 173->178 175 1ad239-1ad23b 174->175 176 1ad20e-1ad20f 174->176 180 1ad23d-1ad25a 175->180 181 1ad286-1ad2aa 175->181 179 1ad210-1ad237 call 1ad3e0 176->179 178->174 179->175 180->181 185 1ad25c-1ad25f 180->185 186 1ad2ac-1ad2af 181->186 187 1ad2d6 call 1ae8f0 181->187 191 1ad260-1ad284 call 1ad440 185->191 192 1ad2b0-1ad2d4 call 1ad490 186->192 193 1ad2db-1ad2dd 187->193 191->181 192->187 193->165 196 1ad2df-1ad2e4 call 1b2f10 call 1b0b40 193->196 196->165
                                                                                                                                APIs
                                                                                                                                • ExitProcess.KERNEL32(00000000), ref: 001AD2F1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExitProcess
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 621844428-0
                                                                                                                                • Opcode ID: 4c441381debacf6ee183cb6d54158edb52766349a8a3852dd923ffcacef8b41c
                                                                                                                                • Instruction ID: 6911267902a72af43181779db2fa0ba3d1ba4d995029cb48b8b9a2ddcc54e0fc
                                                                                                                                • Opcode Fuzzy Hash: 4c441381debacf6ee183cb6d54158edb52766349a8a3852dd923ffcacef8b41c
                                                                                                                                • Instruction Fuzzy Hash: E14133B850D380ABC701AB68E195A2EFBF5AF63704F148C0DE5C59B612C336D814DB67

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 212 1e5bb0-1e5be2 LdrInitializeThunk
                                                                                                                                APIs
                                                                                                                                • LdrInitializeThunk.NTDLL(001E973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 001E5BDE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                                                                                • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 241 1e695b-1e696b call 1e4a20 244 1e696d 241->244 245 1e6981-1e6a02 241->245 246 1e6970-1e697f 244->246 247 1e6a36-1e6a42 245->247 248 1e6a04 245->248 246->245 246->246 250 1e6a44-1e6a4f 247->250 251 1e6a85-1e6a9f 247->251 249 1e6a10-1e6a34 call 1e73e0 248->249 249->247 253 1e6a50-1e6a57 250->253 255 1e6a59-1e6a5c 253->255 256 1e6a60-1e6a66 253->256 255->253 257 1e6a5e 255->257 256->251 258 1e6a68-1e6a7d call 1e5bb0 256->258 257->251 260 1e6a82 258->260 260->251
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @
                                                                                                                                • API String ID: 0-2766056989
                                                                                                                                • Opcode ID: d5d1f5c2a741d5779df3a4ed0d45cd9b0efd5a65b83ee16ddb7da7f618c1e10b
                                                                                                                                • Instruction ID: 9ebb242b62e1750c5b78d27ae486507e4172b029929cf8bd78603c592f90a6f0
                                                                                                                                • Opcode Fuzzy Hash: d5d1f5c2a741d5779df3a4ed0d45cd9b0efd5a65b83ee16ddb7da7f618c1e10b
                                                                                                                                • Instruction Fuzzy Hash: F3319AB09087418FD718EF15D49063EB7F2FFA4384F84892CE5C697261E3749944CB56

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 261 1b049b-1b0515 call 1ac9f0 265 1b045b-1b0469 call 1e5700 261->265 266 1b03fb-1b0414 261->266 267 1b0339-1b034f 261->267 268 1b035f-1b0367 261->268 269 1b03be 261->269 270 1b03de-1b03e3 261->270 271 1b051c-1b051e 261->271 272 1b0393-1b0397 261->272 273 1b0472-1b0477 261->273 274 1b0311-1b0320 261->274 275 1b0370-1b037e 261->275 276 1b03d0-1b03d7 261->276 277 1b0417-1b0430 261->277 278 1b0356 261->278 279 1b0308-1b030c 261->279 280 1b03ec-1b03f4 261->280 281 1b0242-1b0244 261->281 282 1b0482-1b0484 261->282 283 1b0440-1b0458 call 1e5700 261->283 284 1b0480 261->284 285 1b0227-1b023b 261->285 286 1b0246-1b0260 261->286 287 1b0386-1b038c 261->287 265->273 266->277 267->265 267->266 267->268 267->269 267->270 267->272 267->273 267->275 267->276 267->277 267->278 267->280 267->282 267->283 267->284 267->287 268->275 269->276 270->280 294 1b0520-1b0b30 271->294 295 1b03a0-1b03b7 272->295 273->284 303 1b0327-1b0332 274->303 275->287 276->266 276->270 276->272 276->273 276->277 276->280 276->282 276->284 276->287 277->283 278->268 292 1b048d-1b0496 279->292 280->266 280->272 280->273 280->282 280->284 288 1b0296-1b02bd 281->288 282->292 283->265 285->265 285->266 285->267 285->268 285->269 285->270 285->272 285->273 285->274 285->275 285->276 285->277 285->278 285->279 285->280 285->281 285->282 285->283 285->284 285->286 285->287 289 1b0262 286->289 290 1b0294 286->290 287->272 287->273 287->282 287->284 297 1b02ea-1b0301 288->297 298 1b02bf 288->298 296 1b0270-1b0292 call 1b2eb0 289->296 290->288 292->294 295->265 295->266 295->269 295->270 295->272 295->273 295->276 295->277 295->280 295->282 295->283 295->284 295->287 296->290 297->265 297->266 297->267 297->268 297->269 297->270 297->272 297->273 297->274 297->275 297->276 297->277 297->278 297->279 297->280 297->282 297->283 297->284 297->287 308 1b02c0-1b02e8 call 1b2e70 298->308 303->265 303->266 303->267 303->268 303->269 303->270 303->272 303->273 303->275 303->276 303->277 303->278 303->280 303->282 303->283 303->284 303->287 308->297
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 97c0a7122e800b90227e1139ad4ee1e1b669a28524397b6bc3d36d41779db1b8
                                                                                                                                • Instruction ID: ff538edc303f471aee927110ddc9023f4af9e904e80c15acb098d51b8f696ebd
                                                                                                                                • Opcode Fuzzy Hash: 97c0a7122e800b90227e1139ad4ee1e1b669a28524397b6bc3d36d41779db1b8
                                                                                                                                • Instruction Fuzzy Hash: 03918C75200B00CFD729CF65D894A2BB7F6FF89314B118A6CE8568BAA1D731F856CB50

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 315 1b0228-1b023b 316 1b045b-1b0469 call 1e5700 315->316 317 1b03fb-1b0414 315->317 318 1b0339-1b034f 315->318 319 1b035f-1b0367 315->319 320 1b03be 315->320 321 1b03de-1b03e3 315->321 322 1b0393-1b0397 315->322 323 1b0472-1b0477 315->323 324 1b0311-1b0320 315->324 325 1b0370-1b037e 315->325 326 1b03d0-1b03d7 315->326 327 1b0417-1b0430 315->327 328 1b0356 315->328 329 1b0308-1b030c 315->329 330 1b03ec-1b03f4 315->330 331 1b0242-1b0244 315->331 332 1b0482-1b0484 315->332 333 1b0440-1b0458 call 1e5700 315->333 334 1b0480 315->334 335 1b0246-1b0260 315->335 336 1b0386-1b038c 315->336 316->323 317->327 318->316 318->317 318->319 318->320 318->321 318->322 318->323 318->325 318->326 318->327 318->328 318->330 318->332 318->333 318->334 318->336 319->325 320->326 321->330 343 1b03a0-1b03b7 322->343 323->334 351 1b0327-1b0332 324->351 325->336 326->317 326->321 326->322 326->323 326->327 326->330 326->332 326->334 326->336 327->333 328->319 341 1b048d-1b0b30 329->341 330->317 330->322 330->323 330->332 330->334 337 1b0296-1b02bd 331->337 332->341 333->316 338 1b0262 335->338 339 1b0294 335->339 336->322 336->323 336->332 336->334 345 1b02ea-1b0301 337->345 346 1b02bf 337->346 344 1b0270-1b0292 call 1b2eb0 338->344 339->337 343->316 343->317 343->320 343->321 343->322 343->323 343->326 343->327 343->330 343->332 343->333 343->334 343->336 344->339 345->316 345->317 345->318 345->319 345->320 345->321 345->322 345->323 345->324 345->325 345->326 345->327 345->328 345->329 345->330 345->332 345->333 345->334 345->336 355 1b02c0-1b02e8 call 1b2e70 346->355 351->316 351->317 351->318 351->319 351->320 351->321 351->322 351->323 351->325 351->326 351->327 351->328 351->330 351->332 351->333 351->334 351->336 355->345
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a2a8a55da3037203fa85c9f06225ef46c89d6fbea88fcc995e112c641bd23782
                                                                                                                                • Instruction ID: 2fa47c3004a008dd7884ab4caaf4262e1acc6bf5aceb08a92e72387b2402f113
                                                                                                                                • Opcode Fuzzy Hash: a2a8a55da3037203fa85c9f06225ef46c89d6fbea88fcc995e112c641bd23782
                                                                                                                                • Instruction Fuzzy Hash: 6D716C74200740DFD7258F61E894B2BB7B6FF89314F11896CE8568BA62C731E85ACB50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 21a903e7ed92cb0111416a1d9b215506c725e5d81d9519e9769a4786d73d928a
                                                                                                                                • Instruction ID: 1c18758665e7774a70359849fa579a6b64387cb90112c6613993851466b1db77
                                                                                                                                • Opcode Fuzzy Hash: 21a903e7ed92cb0111416a1d9b215506c725e5d81d9519e9769a4786d73d928a
                                                                                                                                • Instruction Fuzzy Hash: AB419D34608780ABD724EA16D890F2FF7E6EF85754F64882CF58A97251D331E841CB62
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 3df5885d098140595090092ecf7d39077de41d59b32992961db0e704efe14842
                                                                                                                                • Instruction ID: 9ff53db688eb374387f77073cb16ee5024d9efeba99cce431a6ea289dc7377e8
                                                                                                                                • Opcode Fuzzy Hash: 3df5885d098140595090092ecf7d39077de41d59b32992961db0e704efe14842
                                                                                                                                • Instruction Fuzzy Hash: 5B31C370649741BAD724DA06CD81F3EB7A6FBA0B95FA44508F281562D1D370A851CB52
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4f6333baad86836ee1f99305ffa7ba18fcafdfb7c37563844351cfebd2715d84
                                                                                                                                • Instruction ID: e8c06ea93f74695fe0f52b24ed97e0c649ac929070d4f2ea167ff57823f6c7d3
                                                                                                                                • Opcode Fuzzy Hash: 4f6333baad86836ee1f99305ffa7ba18fcafdfb7c37563844351cfebd2715d84
                                                                                                                                • Instruction Fuzzy Hash: D8210CB4A0025A9FEB15CFA4CC90BBFBBB1FB4A304F144859E911BB291C735A951CB64

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 202 1e3220-1e322f 203 1e32ac-1e32b0 202->203 204 1e3236-1e3252 202->204 205 1e32a2-1e32a6 RtlFreeHeap 202->205 206 1e32a0 202->206 207 1e3286-1e3296 204->207 208 1e3254 204->208 205->203 206->205 207->206 209 1e3260-1e3284 call 1e5af0 208->209 209->207
                                                                                                                                APIs
                                                                                                                                • RtlFreeHeap.NTDLL(?,00000000), ref: 001E32A6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FreeHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                • Opcode ID: 48185da7b7cd2b6623257367cb7ae4f039d21b5c037d66ec7fc7ed6593114ce7
                                                                                                                                • Instruction ID: 2bde13952b257ab8e1ab71e4d9c48cd7d4838c69414d2b8a705048f8966d323d
                                                                                                                                • Opcode Fuzzy Hash: 48185da7b7cd2b6623257367cb7ae4f039d21b5c037d66ec7fc7ed6593114ce7
                                                                                                                                • Instruction Fuzzy Hash: 59016D3450D280DBC701EF18E859A2EBBE9EF9A700F05491CE5C58B361D335DD60DBA2

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 213 1e3202-1e3211 RtlAllocateHeap
                                                                                                                                APIs
                                                                                                                                • RtlAllocateHeap.NTDLL(?,00000000), ref: 001E3208
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocateHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                • Opcode ID: 916531ed38cdb561bd9b55a80f1b05c871fd0772d8642d4562cf25126c7ffd9a
                                                                                                                                • Instruction ID: d0ed117c9cdcd576032874a79efbe200c2f8d1a5c8300d1848d0c118add1a37d
                                                                                                                                • Opcode Fuzzy Hash: 916531ed38cdb561bd9b55a80f1b05c871fd0772d8642d4562cf25126c7ffd9a
                                                                                                                                • Instruction Fuzzy Hash: ACB012300400005FDA042B00FC0BF203511EB00609F800150A100080B1D56258A4C554
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
                                                                                                                                • API String ID: 2994545307-1418943773
                                                                                                                                • Opcode ID: b325f56e45d10f04a77a0ff55611d35df03475a0fabf6ffaf054c5bf5ea8b615
                                                                                                                                • Instruction ID: 51c11b8ae7cc01fb61c6bd8b335e54d05e33f62154e37680abe75607a03a371f
                                                                                                                                • Opcode Fuzzy Hash: b325f56e45d10f04a77a0ff55611d35df03475a0fabf6ffaf054c5bf5ea8b615
                                                                                                                                • Instruction Fuzzy Hash: 60F276B45083819BD774CF14C894BEBBBE6BFD5304F54482CE4C98B292EB719985CB92
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C
                                                                                                                                • API String ID: 0-786070067
                                                                                                                                • Opcode ID: 300732aab26cedb846d39cf734de4e61c643b55ff9282823a112c4dd74985374
                                                                                                                                • Instruction ID: 12b3c8ea428a4cdee2f00d720fd6d126a0618e57bff7f73a2896b25ea220f0bc
                                                                                                                                • Opcode Fuzzy Hash: 300732aab26cedb846d39cf734de4e61c643b55ff9282823a112c4dd74985374
                                                                                                                                • Instruction Fuzzy Hash: A933AE74504B818FD7258F38C590762BBF1BF16304F58899ED4EA8BB92C735E906CBA1
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
                                                                                                                                • API String ID: 0-1131134755
                                                                                                                                • Opcode ID: e4ab8eecef8a24c7d9d2205e3990623cb6511e02ba2176fd89307b57cda255a4
                                                                                                                                • Instruction ID: e85f609f78a23fc9d8b9f651a3b5f1dc89d7a4fdf23492bc38c1ec78c1558c0e
                                                                                                                                • Opcode Fuzzy Hash: e4ab8eecef8a24c7d9d2205e3990623cb6511e02ba2176fd89307b57cda255a4
                                                                                                                                • Instruction Fuzzy Hash: E552C6B800D385CAE271CF26D581B9EBAF1BB92744F608A1DE1ED9B255DB708045CF93
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: (G?x$/0[~$/0[~$9#/$<7$=J_$@$V]$D,3v$M6{K$PT~;$Wmu$[=v|$o&>o$s:?$/\k$;
                                                                                                                                • API String ID: 0-543573827
                                                                                                                                • Opcode ID: 2fef3bcdb698a6e3050552a8e4ed839f516a77c9b60ecca0ef91b24117074821
                                                                                                                                • Instruction ID: 399506be11e17df91807e763fc4499568eff1de36e77744cd3a385cb6d6553ad
                                                                                                                                • Opcode Fuzzy Hash: 2fef3bcdb698a6e3050552a8e4ed839f516a77c9b60ecca0ef91b24117074821
                                                                                                                                • Instruction Fuzzy Hash: B6B219F3A0C614AFE304AE2DEC8567ABBE5EFD4720F1A493DE6C4C3744E63558018696
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
                                                                                                                                • API String ID: 0-655414846
                                                                                                                                • Opcode ID: 56722447bb48be424775fc258b03085fea1df375e2f8593eebc9ad5ab3315a09
                                                                                                                                • Instruction ID: f8224d342d0c3146262b6c51d1e638a3d30e0aea6456b9af4ba66f99ea3033f5
                                                                                                                                • Opcode Fuzzy Hash: 56722447bb48be424775fc258b03085fea1df375e2f8593eebc9ad5ab3315a09
                                                                                                                                • Instruction Fuzzy Hash: B6F14FB4508380ABD310DF55D885A2BBBF4FBAAB48F144D1CF4D59B252D334DA48CB96
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
                                                                                                                                • API String ID: 0-1557708024
                                                                                                                                • Opcode ID: b276f70999975352212973cd7d78ba678e9e6949b6ed66f8cb6790dbc900163d
                                                                                                                                • Instruction ID: 9ffd90e884f6b2df1f6395c822880f9d061bdca8e9c66c59cb77b7bad4132108
                                                                                                                                • Opcode Fuzzy Hash: b276f70999975352212973cd7d78ba678e9e6949b6ed66f8cb6790dbc900163d
                                                                                                                                • Instruction Fuzzy Hash: D992DE75E00205CFDB08CF68D851BAEBBB2BF59310F298269E456AB391D735ED41CB90
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
                                                                                                                                • API String ID: 0-4102007303
                                                                                                                                • Opcode ID: 4a9dece07fb5fc4aaf3c3bc88fd71a6831c65fe57cbba03a6ce0ba90c3bbd1c6
                                                                                                                                • Instruction ID: 3b4aeedb1f50da45031ef8b40f07b99ca743a13aea0ce408dfa3b9f9efb51c57
                                                                                                                                • Opcode Fuzzy Hash: 4a9dece07fb5fc4aaf3c3bc88fd71a6831c65fe57cbba03a6ce0ba90c3bbd1c6
                                                                                                                                • Instruction Fuzzy Hash: 4C6289B5608381CBD730CF14D891BABB7E1FFAA314F08492DE49A8B652E7759940CB53
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
                                                                                                                                • API String ID: 0-2517803157
                                                                                                                                • Opcode ID: 0e1e5f3afa5695635adcb0f9d50a6c52e3afd3a2797260507176297071c7e391
                                                                                                                                • Instruction ID: 8fe49d390751f057c5eb1e48c7fa27a11779ba05e0615cf3207e0fce8861f1d1
                                                                                                                                • Opcode Fuzzy Hash: 0e1e5f3afa5695635adcb0f9d50a6c52e3afd3a2797260507176297071c7e391
                                                                                                                                • Instruction Fuzzy Hash: 19D203796083519FD718CE28C49436ABBE2AFDA314F188A2DF499C7391D734DD45CB82
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: =^~$?-vb$k ?v$u1w.$,7_$E-~$rS?
                                                                                                                                • API String ID: 0-1775995929
                                                                                                                                • Opcode ID: a06a67d45c1a70f003fce5b367972986ddcfd4215c07c345cde0f8bdd839334e
                                                                                                                                • Instruction ID: 213c8fe900492f9dff49257c8ad5465571f1d632c17872dd7d74e21a825a2ba8
                                                                                                                                • Opcode Fuzzy Hash: a06a67d45c1a70f003fce5b367972986ddcfd4215c07c345cde0f8bdd839334e
                                                                                                                                • Instruction Fuzzy Hash: DAB217F3A0C2049FE3046E2DEC8567AB7E9EF94320F1A493DEAC4C7744EA3558458697
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 53=$Fa^6$P=~$UO$ZeY$gL}$th?[
                                                                                                                                • API String ID: 0-599033155
                                                                                                                                • Opcode ID: c63dafbd2e4a519b090d089db199b7eb92174acc412ff672cf3265e6a3a31861
                                                                                                                                • Instruction ID: 3740bf533bfe8c3a410fc9c1b7d551bf820f67b3c91d62fd8d2b0b11d49b7374
                                                                                                                                • Opcode Fuzzy Hash: c63dafbd2e4a519b090d089db199b7eb92174acc412ff672cf3265e6a3a31861
                                                                                                                                • Instruction Fuzzy Hash: 91B209F39082049FD704AE2DDC8567AFBE9EF94720F1A4A3DEAC4C3744E63598058697
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Ah]_$E__?$Qk.$q%\U$({_$A>
                                                                                                                                • API String ID: 0-3407391843
                                                                                                                                • Opcode ID: ad3f412382b0d88f95d497e01be24c66a15b506add66557801865ad3f373c3c9
                                                                                                                                • Instruction ID: 2c2e9e6dd2c3479a5d82d1b3d424183d4b6b8fd6f7adf2267fd1c307ebb5e488
                                                                                                                                • Opcode Fuzzy Hash: ad3f412382b0d88f95d497e01be24c66a15b506add66557801865ad3f373c3c9
                                                                                                                                • Instruction Fuzzy Hash: 68B227F3A0C2049FE3046E2DEC8577AFBE9EF94720F1A453DEAC487744EA3558418696
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: $"gm$2"tw$JVr_$JN?$oW`v
                                                                                                                                • API String ID: 0-3839322283
                                                                                                                                • Opcode ID: 6469c8781671f25e349c37fb037550d0eb56cbeae5b4af29b22f4e439c8ee5eb
                                                                                                                                • Instruction ID: af44f17590e5a17af37142e0a2e97e3ff255ac028218d01bb6f4725e9d6e3b29
                                                                                                                                • Opcode Fuzzy Hash: 6469c8781671f25e349c37fb037550d0eb56cbeae5b4af29b22f4e439c8ee5eb
                                                                                                                                • Instruction Fuzzy Hash: 70B208F3A082049FE304AE2DEC8567AFBE9EF94720F16853DE6C493744EA3558058697
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 0$0$0$@$i
                                                                                                                                • API String ID: 0-3124195287
                                                                                                                                • Opcode ID: 99732c407a9fe537cf604cae6fa7c6a85172b7b56ed9e2c7302d059af152bdd9
                                                                                                                                • Instruction ID: 325ad394442b5d1e878980d0c16d1428e705497699b782304ccab7b884c5b097
                                                                                                                                • Opcode Fuzzy Hash: 99732c407a9fe537cf604cae6fa7c6a85172b7b56ed9e2c7302d059af152bdd9
                                                                                                                                • Instruction Fuzzy Hash: C262E379A0C3819FC319CF28C49476ABBE1AFD6314F188E1DE8D987291D774D949CB82
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                                • API String ID: 0-1123320326
                                                                                                                                • Opcode ID: 0342b690801a7e3762d9c731b078cdd1cf7f435bfd567db29869d90f7e50a0b9
                                                                                                                                • Instruction ID: 67c696ba65c5c62371eadb660f67de0bbcd8375b923bb64bda5bbe138a544988
                                                                                                                                • Opcode Fuzzy Hash: 0342b690801a7e3762d9c731b078cdd1cf7f435bfd567db29869d90f7e50a0b9
                                                                                                                                • Instruction Fuzzy Hash: 96F1A13960C3918FC719CE2CC48426AFBE2AFDA304F188A6DE4D987356D774D945CB92
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: C6Gv$R>_S$zY?$Xy?
                                                                                                                                • API String ID: 0-729449700
                                                                                                                                • Opcode ID: aca65e42c034f1ee98059682fc215161f5cb202a53f00eb2e813884e27ac522a
                                                                                                                                • Instruction ID: e3a73169827e0a5c3c22434e081677c7f7fbf8bb4d671d20f13665a8384ea30e
                                                                                                                                • Opcode Fuzzy Hash: aca65e42c034f1ee98059682fc215161f5cb202a53f00eb2e813884e27ac522a
                                                                                                                                • Instruction Fuzzy Hash: 69B219F360C210AFE304AE2DEC8567ABBE9EF94320F1A453DEAC4D7744E63558058697
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                                • API String ID: 0-3620105454
                                                                                                                                • Opcode ID: 98d96b479adc8a51f44321174631fc45fe9c3b255227ad1235fddedeecb7a0fb
                                                                                                                                • Instruction ID: 4ed41a1eb9b19346812552c60f7b4f9da11489e0dabccd08bf58cfbaeead159e
                                                                                                                                • Opcode Fuzzy Hash: 98d96b479adc8a51f44321174631fc45fe9c3b255227ad1235fddedeecb7a0fb
                                                                                                                                • Instruction Fuzzy Hash: 25D17C3560C7818FC719CE29C48426AFBE2AFDA308F18CA6DE4D987356D734D949CB52
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 2OS[$<(S[$^xj~$E}
                                                                                                                                • API String ID: 0-4083284322
                                                                                                                                • Opcode ID: b1b5e5c9624e1d17abe586d92a32dae3a6fd8e0d412d5b66bd9415e5f12b87d8
                                                                                                                                • Instruction ID: 399bfa50b25c26bd54eda94f5411b709d3836433ba047c2ec70a5750680e3700
                                                                                                                                • Opcode Fuzzy Hash: b1b5e5c9624e1d17abe586d92a32dae3a6fd8e0d412d5b66bd9415e5f12b87d8
                                                                                                                                • Instruction Fuzzy Hash: B592F8F360C2049FE304AE2DEC8577ABBE9EB94720F16853DE6C4C7744EA3558058697
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: :$NA_I$m1s3$uvw
                                                                                                                                • API String ID: 0-3973114637
                                                                                                                                • Opcode ID: 3932b049d7a60fc252a328444473f442393e4a3d746c1f449aaa88aff29782af
                                                                                                                                • Instruction ID: 85565291acba40a34d5f36dd524b8d5666306d46eee6a95ef40b79240c1b27d9
                                                                                                                                • Opcode Fuzzy Hash: 3932b049d7a60fc252a328444473f442393e4a3d746c1f449aaa88aff29782af
                                                                                                                                • Instruction Fuzzy Hash: CB32B9B0508380EFD311DF29D880B2EBBE2AB9A344F144A6DF5D58B3A2D335D945CB52
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+($;z$p$ss
                                                                                                                                • API String ID: 0-2391135358
                                                                                                                                • Opcode ID: ffa83448c139378158f85c88cf8ee3c270707eb6e6b8366b1ab0f189ad8fb739
                                                                                                                                • Instruction ID: 3061278ad1d5d42875b0a079fb9d2b8d1f5c1c1ff733fe2944c09ce79fbc11b7
                                                                                                                                • Opcode Fuzzy Hash: ffa83448c139378158f85c88cf8ee3c270707eb6e6b8366b1ab0f189ad8fb739
                                                                                                                                • Instruction Fuzzy Hash: 69025CB4810B00DFD760EF25D986756BFF5FB05300F50895DE8AA8B696E330E419CBA2
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: a|$hu$lc$sj
                                                                                                                                • API String ID: 0-3748788050
                                                                                                                                • Opcode ID: 1a6897cfeac5495ef81c7c3d674ab1a1c83d9b5a365f4bfc2b8d48050d28529a
                                                                                                                                • Instruction ID: f0365991b7251d72cef10a87219e645756f0d47cdd2bfcee34dc803828a7717b
                                                                                                                                • Opcode Fuzzy Hash: 1a6897cfeac5495ef81c7c3d674ab1a1c83d9b5a365f4bfc2b8d48050d28529a
                                                                                                                                • Instruction Fuzzy Hash: 5FA18B744083418BC720DF18C891B6BB7F0FFA6754F589A0CE8D59B291E739D941CBA6
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: M-/$jT5$[s
                                                                                                                                • API String ID: 0-1340261728
                                                                                                                                • Opcode ID: 105910d06f3532d868317904a1587ed6b38ff512335abff1be52c67fb6189441
                                                                                                                                • Instruction ID: 3b1e78e322dc72ce52c010952213b6c6fb8057f54decfa06037f414886e2dc37
                                                                                                                                • Opcode Fuzzy Hash: 105910d06f3532d868317904a1587ed6b38ff512335abff1be52c67fb6189441
                                                                                                                                • Instruction Fuzzy Hash: 7CB22AF3A0C2049FE3086E29EC8577AF7E5EF94720F1A4A3DE6C5C3744E63558018696
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: #'$CV$KV$T>
                                                                                                                                • API String ID: 0-95592268
                                                                                                                                • Opcode ID: acef078eb41c71b4102a1f1a4c36c7c25c78ae50e10f4341a71c0ce60d583eed
                                                                                                                                • Instruction ID: 82d824d031a0e5d1a3f5c89363f7b875df1f991e00bf0c9087d2e416f6258e65
                                                                                                                                • Opcode Fuzzy Hash: acef078eb41c71b4102a1f1a4c36c7c25c78ae50e10f4341a71c0ce60d583eed
                                                                                                                                • Instruction Fuzzy Hash: 958155B48017459BCB20DFA5D28566EBFB1FF16300F604A1CE486ABB55C330AA55CFE2
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: (g6e$,{*y$4c2a$lk
                                                                                                                                • API String ID: 0-1327526056
                                                                                                                                • Opcode ID: f509cb10f2e3fa3d8ed4ab00ed2a2e0e808c119299a6fb6d0b67d7ada1dc56f8
                                                                                                                                • Instruction ID: 195767309c4e6fbf72f72add21d5f51cc22b4aa311ce5946657c624dfd66eff4
                                                                                                                                • Opcode Fuzzy Hash: f509cb10f2e3fa3d8ed4ab00ed2a2e0e808c119299a6fb6d0b67d7ada1dc56f8
                                                                                                                                • Instruction Fuzzy Hash: EE4173B4408381DBD7219F20D900BABB7F0FF96309F94995DE5C997260EB32D944CB96
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+($%*+($~/i!
                                                                                                                                • API String ID: 0-4033100838
                                                                                                                                • Opcode ID: a6d3312f9f0207b222e3d4966ac1ed0020a13c3647605d167808571b48bfbc5c
                                                                                                                                • Instruction ID: b2cfae5a7fe5a4df3593ecd36b75b987d7349943abe72509c09f4131b1b29a4c
                                                                                                                                • Opcode Fuzzy Hash: a6d3312f9f0207b222e3d4966ac1ed0020a13c3647605d167808571b48bfbc5c
                                                                                                                                • Instruction Fuzzy Hash: DEE195B5508340EFE320DF65D881B2FBBE6FB95354F48882CE6898B251E771D851CB92
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: )$)$IEND
                                                                                                                                • API String ID: 0-588110143
                                                                                                                                • Opcode ID: 9afc3ec84ebb2003875ee456cd805371b03a149c4c87364f3a405434b4b2370e
                                                                                                                                • Instruction ID: 201811cc5a078f63e7e1d2212459efc9a225a73138a3a0b1525dc9f922f54c2b
                                                                                                                                • Opcode Fuzzy Hash: 9afc3ec84ebb2003875ee456cd805371b03a149c4c87364f3a405434b4b2370e
                                                                                                                                • Instruction Fuzzy Hash: 95E1C2B9A087429FE310CF28C88172BFBE0BB95314F14492DE59997391EB75E915CBC2
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+($f
                                                                                                                                • API String ID: 0-2038831151
                                                                                                                                • Opcode ID: dd8f863bd38c5d5bcf5f68588999abb4762eea84dd72345f7d69240415722ef1
                                                                                                                                • Instruction ID: c9a16763454567f42532937af17387b973d42eb487e39fddc4a1b37415593e72
                                                                                                                                • Opcode Fuzzy Hash: dd8f863bd38c5d5bcf5f68588999abb4762eea84dd72345f7d69240415722ef1
                                                                                                                                • Instruction Fuzzy Hash: 9512AC716087819FC714CF1AC890B2EBBE2FBC9314F588A2CF5958B291D735E945CB92
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: dg$hi
                                                                                                                                • API String ID: 0-2859417413
                                                                                                                                • Opcode ID: 32ca71064f0522346ee7867858b6859eeb2a8d36cafe320d76073873d346e85d
                                                                                                                                • Instruction ID: ad3607806cba23dfe54002c54623aa5d3373357d4751a9ead351754f02508702
                                                                                                                                • Opcode Fuzzy Hash: 32ca71064f0522346ee7867858b6859eeb2a8d36cafe320d76073873d346e85d
                                                                                                                                • Instruction Fuzzy Hash: 6FF18671628341EFE708CF24D891B6ABBE5FB85348F14892DF4968B3A1C735D945CB12
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Inf$NaN
                                                                                                                                • API String ID: 0-3500518849
                                                                                                                                • Opcode ID: c023f439a4456e8b1ad4548a1b805299f66612c83a385ab54c26f6759a05f1f8
                                                                                                                                • Instruction ID: 22158d9bfe4908914a842d21fe6f9958dde452b1ca0781f88964b0a03a8dd319
                                                                                                                                • Opcode Fuzzy Hash: c023f439a4456e8b1ad4548a1b805299f66612c83a385ab54c26f6759a05f1f8
                                                                                                                                • Instruction Fuzzy Hash: A7D1E575A083119BC708CF68C88061FF7E1EBC9750F258A2DF9A9973A0E775DD448B82
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Fs}
                                                                                                                                • API String ID: 0-1978587056
                                                                                                                                • Opcode ID: cd2c808975f8f5acc5b39872cf0ae4886f73aaf233c1e8266a5ad0d7c6c0abc9
                                                                                                                                • Instruction ID: 6a9fbd71543f6bc98e74cf5a8138ea86ca3835e4dd6c1a9f995f9b41e7acd283
                                                                                                                                • Opcode Fuzzy Hash: cd2c808975f8f5acc5b39872cf0ae4886f73aaf233c1e8266a5ad0d7c6c0abc9
                                                                                                                                • Instruction Fuzzy Hash: F2A2E6F390C2049FE304AE2DDC8577ABBE5EF94720F16893DE6C4C3744EA3598448696
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 6Bo_$NQ7~
                                                                                                                                • API String ID: 0-1441984522
                                                                                                                                • Opcode ID: 9200516eac51db1c89d9b88ee5e1c3bb0ade921219a33c83ef800b205c586ba6
                                                                                                                                • Instruction ID: 383cffc7227a80d3d6b5ab42894464a8d7161e81fcbcf5670ddcbfebcbd36bd7
                                                                                                                                • Opcode Fuzzy Hash: 9200516eac51db1c89d9b88ee5e1c3bb0ade921219a33c83ef800b205c586ba6
                                                                                                                                • Instruction Fuzzy Hash: D45127F3E082105BF300AE29EC8177AB7E6EB94320F1B853DEAC4D7744E939580586D2
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: BaBc$Ye[g
                                                                                                                                • API String ID: 0-286865133
                                                                                                                                • Opcode ID: 7258b5f8d311af4823043cf2ecabdf870999205c8c7a11210206773b02e0443c
                                                                                                                                • Instruction ID: b75f9bbf2abd409659a1c2d22c89ec50a92b23c28764289163266b8529574f74
                                                                                                                                • Opcode Fuzzy Hash: 7258b5f8d311af4823043cf2ecabdf870999205c8c7a11210206773b02e0443c
                                                                                                                                • Instruction Fuzzy Hash: E8519DB1608381CBD732CF14C491BABB7E0FFAA350F19491DE49A8B651E3749940CB57
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %1.17g
                                                                                                                                • API String ID: 0-1551345525
                                                                                                                                • Opcode ID: 29cbfb90e9ab8f242ed3649f4f9c598962fbe5c8d71a978c931ab760a42b19fd
                                                                                                                                • Instruction ID: f8f8516988db9d48b2be93740bc41e4a94c0d95a893ac3cc5dbd2b8c464db8fb
                                                                                                                                • Opcode Fuzzy Hash: 29cbfb90e9ab8f242ed3649f4f9c598962fbe5c8d71a978c931ab760a42b19fd
                                                                                                                                • Instruction Fuzzy Hash: E02203BAA0CB42CBE7158E59D84033ABBA3AFE2314F5D856DE8594B341E771DC08C741
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: "
                                                                                                                                • API String ID: 0-123907689
                                                                                                                                • Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                                • Instruction ID: 8ad8a14403d03c0ee5c39e83b652586115a267334f76c628a504f794ec0994c6
                                                                                                                                • Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                                • Instruction Fuzzy Hash: 9FF10471A083417FC728CE28C49066BBBE6AFD5350F19C96EE89A87382D734DD45C792
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: 29a92afcccd1073df7b7f628ed34c9501d0d6eec68b91171de34e6700e157e88
                                                                                                                                • Instruction ID: 51ac3a9528d41996ea50401c97a94d683e5b4d24ab0667f7ace7068441eb1905
                                                                                                                                • Opcode Fuzzy Hash: 29a92afcccd1073df7b7f628ed34c9501d0d6eec68b91171de34e6700e157e88
                                                                                                                                • Instruction Fuzzy Hash: D4E1AA75508346DBC314DF29C490A6EB7F2FFA8781F548A1CE4C587220E735E999CB82
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: 55271e93e1a212e14b5f098991bcba49a5f8f1b6da68db5d2020979903224a5d
                                                                                                                                • Instruction ID: 993a41484e9344712f45dc5290a554861ead14640e9122a8344d04571abe091d
                                                                                                                                • Opcode Fuzzy Hash: 55271e93e1a212e14b5f098991bcba49a5f8f1b6da68db5d2020979903224a5d
                                                                                                                                • Instruction Fuzzy Hash: 89F19FB5600A01CFC724DF64D891A76B7F2FF69314B248A2DE49787A91EB34F855CB40
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: 26b5ca19e0bc120d82e9cd2d578fce7e0cce94d26722dd21877d47fc32bd96cd
                                                                                                                                • Instruction ID: b72cf5a71de0faef4e19ed50a156a09eea7ffda888b0fa6f4d07cccd1a58185c
                                                                                                                                • Opcode Fuzzy Hash: 26b5ca19e0bc120d82e9cd2d578fce7e0cce94d26722dd21877d47fc32bd96cd
                                                                                                                                • Instruction Fuzzy Hash: 86C19C75908200AFD710AB14C882F2BB7F5EFA6754F49881CF8C59B291E735ED15CBA2
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: 5bbc8b9f59f3bd5650ad98aa35b944f763a552243135e4270e4bda92750da099
                                                                                                                                • Instruction ID: f7c366fadea97e7da303b3f3b2a77d1be5f5304f11793d87a1fa0bdd5d7952b2
                                                                                                                                • Opcode Fuzzy Hash: 5bbc8b9f59f3bd5650ad98aa35b944f763a552243135e4270e4bda92750da099
                                                                                                                                • Instruction Fuzzy Hash: 62D1D070618302DFD708DFA8DC90A3AB7E6FF99314F49886CE48687692D735E990CB51
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: P
                                                                                                                                • API String ID: 0-3110715001
                                                                                                                                • Opcode ID: ac4849f2639a3470d9e511036e357f46c6b3e398b9a49abd78fdd39ef83134f0
                                                                                                                                • Instruction ID: ceac155bfc21dd7a63b510f803c00dd8941866152098350d389de00086b70e32
                                                                                                                                • Opcode Fuzzy Hash: ac4849f2639a3470d9e511036e357f46c6b3e398b9a49abd78fdd39ef83134f0
                                                                                                                                • Instruction Fuzzy Hash: 5AD1F7729086A18FC725CE19D89072FB7E1EB84718F16862CE9B96B380CB71DC46C7C1
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 2994545307-3233224373
                                                                                                                                • Opcode ID: a2366d100a89d544fdc023435bb2834c81e393c52860f09014fbf1f4fb5d0fd0
                                                                                                                                • Instruction ID: 653bec6eb088cd4e3144125407c485a92b87c97b9509b3ed902eb659355e0b6b
                                                                                                                                • Opcode Fuzzy Hash: a2366d100a89d544fdc023435bb2834c81e393c52860f09014fbf1f4fb5d0fd0
                                                                                                                                • Instruction Fuzzy Hash: AFB1CB70A083019BD714EF58D891B3BBBE2EBA6740F14492CE5C98B251E335EC55CBD2
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: ,
                                                                                                                                • API String ID: 0-3772416878
                                                                                                                                • Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                                • Instruction ID: 466480e4575a0ef09f166ba18319f87ddf94a9f651e9789b22735121167f7310
                                                                                                                                • Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                                • Instruction Fuzzy Hash: 1EB118711083819FD325CF18C89061BBBE1AFAA704F448A2DF5D997742D771EA18CBA7
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: dcb902b38b306c5e61ebd5b23489875c37dbdb66591c9b6f54fd5eeb4db78659
                                                                                                                                • Instruction ID: d7144a9862e9641accf0f7ef43d78d7beb61c969bab69d05361e6f48629b5b83
                                                                                                                                • Opcode Fuzzy Hash: dcb902b38b306c5e61ebd5b23489875c37dbdb66591c9b6f54fd5eeb4db78659
                                                                                                                                • Instruction Fuzzy Hash: 1581FE71118300EBD714EF69D884B2EB7E6FB99701F54882DF2C687291D730EA56CB62
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: fab207f03032b3860e3c7e7df3bd57ecb737f1785f6a7ecb0fa46791a9734951
                                                                                                                                • Instruction ID: 22e3e999d1f0acab5be48d69c048df18b015a8f471c51f174dc8e5d73c9d35a7
                                                                                                                                • Opcode Fuzzy Hash: fab207f03032b3860e3c7e7df3bd57ecb737f1785f6a7ecb0fa46791a9734951
                                                                                                                                • Instruction Fuzzy Hash: 2361C2B5908204DBD725EF58EC42ABAB3B1FF95354F480928F9858B252F731E950CB92
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: 628e9bdae0ea3953ae44b4e2e24d9eca1120c71968e9817eff17351320378a7d
                                                                                                                                • Instruction ID: 087d1f0323025d3b656c2391af537da479464f696ec38a709af26b203ac8f0ba
                                                                                                                                • Opcode Fuzzy Hash: 628e9bdae0ea3953ae44b4e2e24d9eca1120c71968e9817eff17351320378a7d
                                                                                                                                • Instruction Fuzzy Hash: 2061DF71A08B819BD724DF26C880B3EB7E6EBC4314F69891CE9C987291D771EC50CB52
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: X2
                                                                                                                                • API String ID: 0-1774815677
                                                                                                                                • Opcode ID: ae87c0da8972cf08904704c1d4c0031a469beecd4bb5c12cbf03330d949685cd
                                                                                                                                • Instruction ID: 2d3b999ae401a63add932b3225db1294158e0f2eac48bca5605a09fef2a1dcd7
                                                                                                                                • Opcode Fuzzy Hash: ae87c0da8972cf08904704c1d4c0031a469beecd4bb5c12cbf03330d949685cd
                                                                                                                                • Instruction Fuzzy Hash: DB6168F39082109FE344AE2CDC95776F7D5EF98720F2A463DE9C9D3744E975A9008682
                                                                                                                                Strings
                                                                                                                                • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 001AE333
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                                                                                • API String ID: 0-2471034898
                                                                                                                                • Opcode ID: 3f0af2c9a92f269b62dd45afc35d29d8404ec1d56602ac80afe6adbfa5dae59a
                                                                                                                                • Instruction ID: 6978fb59081526328c0e7cfe40635a7afc5e9ffd2cdb13a30e636d0395f219bf
                                                                                                                                • Opcode Fuzzy Hash: 3f0af2c9a92f269b62dd45afc35d29d8404ec1d56602ac80afe6adbfa5dae59a
                                                                                                                                • Instruction Fuzzy Hash: A651472BA196D04BD329897C5C913AA7AC70FE3334B3EC36AE9F18B3E0D65548018390
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: f9f2fe64779dc5098185f905a3d5b7c971b45aba4fdefa8759d7dd201b495f90
                                                                                                                                • Instruction ID: 03ee724524c57426444d14d1831c2b77cf1aba79ea175429684c9fd331b8c238
                                                                                                                                • Opcode Fuzzy Hash: f9f2fe64779dc5098185f905a3d5b7c971b45aba4fdefa8759d7dd201b495f90
                                                                                                                                • Instruction Fuzzy Hash: E3518274509A809BCB28DF16D888A2EB7E6EFC5748F14892CE4D6C7251D371DD90CB62
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: L3
                                                                                                                                • API String ID: 0-2730849248
                                                                                                                                • Opcode ID: ede385e28036497ff3209f5bd5aa0a46bca5607f855aef1dc439357f54857a22
                                                                                                                                • Instruction ID: 6fdfa1bdc217596de2cd9e31256d541972c865c16137d90fc7edf995019e57f1
                                                                                                                                • Opcode Fuzzy Hash: ede385e28036497ff3209f5bd5aa0a46bca5607f855aef1dc439357f54857a22
                                                                                                                                • Instruction Fuzzy Hash: D54152B4008380ABC7149F64C8A4A6FBBF0BF86314F44891CF9C59B291D736C905CB56
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: fb7967dda5ca3e5209490f5e949c397dbfd94e5019d232de6d68875e2188af9f
                                                                                                                                • Instruction ID: fa93f6908be385e39ee69d76049b0147de2a9f8f0715eae072493decbc689df0
                                                                                                                                • Opcode Fuzzy Hash: fb7967dda5ca3e5209490f5e949c397dbfd94e5019d232de6d68875e2188af9f
                                                                                                                                • Instruction Fuzzy Hash: 773126B1A04781ABD711EE56DC81B3FB7E9EB99784F540828F88587252E371DC50CBA3
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 72?1
                                                                                                                                • API String ID: 0-1649870076
                                                                                                                                • Opcode ID: 642fe2d658da19f8aaffe620af31df2add0ba78868c31d845760e83323c5099b
                                                                                                                                • Instruction ID: 2a2349d9b45d82b553606439466cdeacb743d143aa97a38e051e9b90529987be
                                                                                                                                • Opcode Fuzzy Hash: 642fe2d658da19f8aaffe620af31df2add0ba78868c31d845760e83323c5099b
                                                                                                                                • Instruction Fuzzy Hash: ED31BFB5A00344DFCB20CF95E880ABEB7F4BB2A304F14042CE446A7601D335EA44CBE2
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: 4e3e75164dcc289abcff22aa021ff8f665e9dd982140c73bb88a4e31eeede975
                                                                                                                                • Instruction ID: b66b95b372df1e5b56403b4d7511f7b8f9631a3b9be75844a28aafd73ec5d442
                                                                                                                                • Opcode Fuzzy Hash: 4e3e75164dcc289abcff22aa021ff8f665e9dd982140c73bb88a4e31eeede975
                                                                                                                                • Instruction Fuzzy Hash: 6D414675605B04DBD7349F61C994B26BBF2FB4A705F64891DF6869BAA1E331F800CB10
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 72?1
                                                                                                                                • API String ID: 0-1649870076
                                                                                                                                • Opcode ID: b8d0cac040201ef3dadcd4111d29a833bd9435be891a57b01a1e4a3ecebaaa4a
                                                                                                                                • Instruction ID: 90452d7b4ea41a24cbb56289feef24b4d51f7938762918b1f96e9e996732d673
                                                                                                                                • Opcode Fuzzy Hash: b8d0cac040201ef3dadcd4111d29a833bd9435be891a57b01a1e4a3ecebaaa4a
                                                                                                                                • Instruction Fuzzy Hash: 16218BB5A00344DFCB208F95D990ABFBBF5BB2A744F14081CE446AB641D335EA40CBA2
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID: @
                                                                                                                                • API String ID: 2994545307-2766056989
                                                                                                                                • Opcode ID: 111227ea815b2ca7e26f66bc749d430abcae8047c1ac32634662ee600be5a65b
                                                                                                                                • Instruction ID: fe7c75ffd062866412809f5010a39194813ebab058fc7ebe13a8e4f5b1a263cd
                                                                                                                                • Opcode Fuzzy Hash: 111227ea815b2ca7e26f66bc749d430abcae8047c1ac32634662ee600be5a65b
                                                                                                                                • Instruction Fuzzy Hash: 5A3196709087808BD314EF16D880A2EFBFAFF9A354F54892CE2C897251D335D804CBA6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 42918f98273e269df0005ce94efc96545a84fc0396d084b6c30bd70845ceb0d3
                                                                                                                                • Instruction ID: e856fdc966efb430646e90720b85de3e92d274dd1d514af6cb245b6703b4e1d1
                                                                                                                                • Opcode Fuzzy Hash: 42918f98273e269df0005ce94efc96545a84fc0396d084b6c30bd70845ceb0d3
                                                                                                                                • Instruction Fuzzy Hash: 7E6259B4600B408FD735DF24D890B67BBF6AF5A700F54892CE49A8BA52E774F844CB90
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                                • Instruction ID: 507ad311735dbc54e7bdf5341b03847f8bb5147219986f24e0aac77d0d8f2774
                                                                                                                                • Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                                • Instruction Fuzzy Hash: 1B520939A087118BC725DF18D4802BBB3E1FFDA319F294A2DD9C697291D734A851CBC6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f58b5f5ef2d307db013a14e4c5059042b5f3593e80c2ad09069cdf7d245cb0e2
                                                                                                                                • Instruction ID: d56abced1c23881965aa3790b7585f26c98b5c0f45bc6de9f4fb311eb83d3aef
                                                                                                                                • Opcode Fuzzy Hash: f58b5f5ef2d307db013a14e4c5059042b5f3593e80c2ad09069cdf7d245cb0e2
                                                                                                                                • Instruction Fuzzy Hash: 2B22983560C381CFC704DF69E89062EBBE1FB8A315F0A896DE58987751D735E990CB82
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b56dc76b84ed13ac03aff9b6c15e8f8a23f2515738e7318335d252ec891f08c5
                                                                                                                                • Instruction ID: 0083846717610e36355b3792cd0a9e47241d3bd014e6787a54abb49064563994
                                                                                                                                • Opcode Fuzzy Hash: b56dc76b84ed13ac03aff9b6c15e8f8a23f2515738e7318335d252ec891f08c5
                                                                                                                                • Instruction Fuzzy Hash: 3022983560C381DFC704DF68E89062EBBE1FB8A305F0A896DE58987751C735E990CB82
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 77606a8fdd64b668651e838f6db605ad0756e8fbf62c0cbd1431a8968fe12466
                                                                                                                                • Instruction ID: 65fe0c0263b6501735c971057f98deeb74744aa4df94f99bdefc61b98dee4134
                                                                                                                                • Opcode Fuzzy Hash: 77606a8fdd64b668651e838f6db605ad0756e8fbf62c0cbd1431a8968fe12466
                                                                                                                                • Instruction Fuzzy Hash: 3152917490CBC88FE735CB24C4C47A7BBE2AB92314F14892DC6E646B83C779A985C751
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c17019a95ed1961c73475b214cea88c55d46d0029dfad378e4cf0f5d786e616b
                                                                                                                                • Instruction ID: bd9d03887f6198efe1844ea69b295352d400439734bddba0858120803867c515
                                                                                                                                • Opcode Fuzzy Hash: c17019a95ed1961c73475b214cea88c55d46d0029dfad378e4cf0f5d786e616b
                                                                                                                                • Instruction Fuzzy Hash: F352E37550C3458FCB19CF28C4906BABBE1BF8A314F198A6DF89957382D734DA49CB81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 31e05287026ca1bc218a7985578b6a1bf863fe56f8781beebdf7aaee9e90ec72
                                                                                                                                • Instruction ID: 1b8bd68432c0b098f14f21d7877096bb781c502a37fad0e150123b5edae06c39
                                                                                                                                • Opcode Fuzzy Hash: 31e05287026ca1bc218a7985578b6a1bf863fe56f8781beebdf7aaee9e90ec72
                                                                                                                                • Instruction Fuzzy Hash: 46426679608341DFD708CF28D89076ABBE1BF89315F09886DE4858B7A1D735D985CF82
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 02287ccba68269a47849fac2328bfda5370e71d27df820b43f65ce7a5dbf0ec3
                                                                                                                                • Instruction ID: 43696ae91fd41dc6e981e5cce63bf66d71b48bb4b8843c60812da3fded52f0f2
                                                                                                                                • Opcode Fuzzy Hash: 02287ccba68269a47849fac2328bfda5370e71d27df820b43f65ce7a5dbf0ec3
                                                                                                                                • Instruction Fuzzy Hash: 1E320278514B118FC368CF29C99056ABBF2BF46710B604A2ED6A787F90D736F945CB10
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a73507369f049b2b9be78d38f87ec3e38e699af22743ffa918bd6da61ffa9b86
                                                                                                                                • Instruction ID: dda7d5fad5fb77cc1ec1d38fa03cdb8b63152dcfb2380380661b84960b879141
                                                                                                                                • Opcode Fuzzy Hash: a73507369f049b2b9be78d38f87ec3e38e699af22743ffa918bd6da61ffa9b86
                                                                                                                                • Instruction Fuzzy Hash: A202AA35608281DFC704DF69E89062EBBE5FF8A305F09896DE58987761C335E990CB92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e1890b07b2768ba2c5b8491353535a1cd9b9d48b06cf3c2d3dd25454617d5995
                                                                                                                                • Instruction ID: 71eaa6ad9e8692fa46bc23da80de82d8319fd5dccc068959fd4f406ea28b313b
                                                                                                                                • Opcode Fuzzy Hash: e1890b07b2768ba2c5b8491353535a1cd9b9d48b06cf3c2d3dd25454617d5995
                                                                                                                                • Instruction Fuzzy Hash: 53F1973560C381DFC704DF69E89062EBBE5AF8A305F09892DE5C987251D336E950CB92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 66ebd0a2849a3911b03efbfaf7516e19a3844e53fb5286a4243a501a370e0541
                                                                                                                                • Instruction ID: dada236092f19259e7ec4a103483299b4bf8962179290be7c156dcc4a8ff5e5e
                                                                                                                                • Opcode Fuzzy Hash: 66ebd0a2849a3911b03efbfaf7516e19a3844e53fb5286a4243a501a370e0541
                                                                                                                                • Instruction Fuzzy Hash: 79E1BD35608291CFC704DF28E89062EB7E6FB8A315F09896CE5C987351D736E950CB92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                                • Instruction ID: 40c4927d703cd0ae2fac9d992e2c5e8133bbaf752ce1bc20ff4b79b5c7f23b7c
                                                                                                                                • Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                                • Instruction Fuzzy Hash: B3F1BD7A6083418FC724CF69C88166BFBE2AFD9300F48882DE4D587751E739E945CB96
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3c284045650274ca5b6503ba74935fc96442b8dc79a62d4c956a55477454dd27
                                                                                                                                • Instruction ID: fe2994b4bff1837cfe569c84a0eff062fd3ae33f02ef6b9fe3f93a72858a9ccf
                                                                                                                                • Opcode Fuzzy Hash: 3c284045650274ca5b6503ba74935fc96442b8dc79a62d4c956a55477454dd27
                                                                                                                                • Instruction Fuzzy Hash: C4D1983460C281DFD704EF29E89062EFBE5FB8A305F49896DE5C987251D736E850CB92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e187da15262b3246747b95ab97835bd87db4a7d5740054a0deba1bcc7bcf15f0
                                                                                                                                • Instruction ID: 7e7a95d74d815b2d4f310a0c67046db444d86b04c3388246a29b902b408acb41
                                                                                                                                • Opcode Fuzzy Hash: e187da15262b3246747b95ab97835bd87db4a7d5740054a0deba1bcc7bcf15f0
                                                                                                                                • Instruction Fuzzy Hash: DAE1FFB5601B408FD325CF28D992B97B7E1FF06708F04886CE4AACBA52E775B815CB54
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0f13bf549e6959efd95cd54072180bb20dd5929f3aa512bda16b3eba7e31d0a3
                                                                                                                                • Instruction ID: 4eb0c949fbaf1f9b68b39e761e9e5705b4c1955c5d171d01358a24df3b7cf5c4
                                                                                                                                • Opcode Fuzzy Hash: 0f13bf549e6959efd95cd54072180bb20dd5929f3aa512bda16b3eba7e31d0a3
                                                                                                                                • Instruction Fuzzy Hash: DCD1133661C791CFC714CF38D88052ABBE2BB99354F498A6DE495C7791D330EA84CB91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a2541992c2333f83def5673dca97644c82fc21fbf31c71ca6aba34ee94057fb7
                                                                                                                                • Instruction ID: b7aaae584a1d7f9351203609ce863870883599f4f95085c217c36f5406027c38
                                                                                                                                • Opcode Fuzzy Hash: a2541992c2333f83def5673dca97644c82fc21fbf31c71ca6aba34ee94057fb7
                                                                                                                                • Instruction Fuzzy Hash: DFB1F272A087904BE324DA6ADC4177FB7E9AFC5314F08492CF99997381E735DC048792
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                                • Instruction ID: 0652964a46fd7bd82dbea7a4b98ecf318d3afd86cc439332c9cc124bfb1d9658
                                                                                                                                • Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                                • Instruction Fuzzy Hash: 8DC15EB2A487418FC370CF68DC967ABB7E1BF85318F08492DD1D9C6242E778A155CB46
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6fd915281a8149b1a81435d5a6c775a1d7de7eb6b49b16fd7e13ffa3f0c0b599
                                                                                                                                • Instruction ID: 2b60deed528683398df6ffc6e537db2e17cb9b23dbe268058f9007651a41d51d
                                                                                                                                • Opcode Fuzzy Hash: 6fd915281a8149b1a81435d5a6c775a1d7de7eb6b49b16fd7e13ffa3f0c0b599
                                                                                                                                • Instruction Fuzzy Hash: 17B102B4600B408FD321CF24D991B67BBF1AF56704F14885CE8AA8BB52E779F805CB65
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 3bd831927593d63926b561ef3981d58968f4c06305d9ab47c2cbc3cac2b3899c
                                                                                                                                • Instruction ID: 5dde2a928f932278f0a609475ff914429ef6dcec372a8c67d00902be60198035
                                                                                                                                • Opcode Fuzzy Hash: 3bd831927593d63926b561ef3981d58968f4c06305d9ab47c2cbc3cac2b3899c
                                                                                                                                • Instruction Fuzzy Hash: F491AE71A0C781ABE720DB16D844B6FB7E6EB95354F54482CF58587392E730E940CB92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0ad3c6ff44a1f4f475bb8ad9d2145668e6f88f2ff06c2a07a585502cf4085948
                                                                                                                                • Instruction ID: ff906525a12c836ec1fe1999d4f9093463d5a07b85acd7ec9a700fabcb6e2ee0
                                                                                                                                • Opcode Fuzzy Hash: 0ad3c6ff44a1f4f475bb8ad9d2145668e6f88f2ff06c2a07a585502cf4085948
                                                                                                                                • Instruction Fuzzy Hash: 72819034208B828BD724DF2AD890A2EB7F5FF55740F95896CE586CB251E731EC50CB92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4953f8481c21e5bf8b2ceb299749342d3ba25992d35cb2324b7645a82e2f8213
                                                                                                                                • Instruction ID: 76e1a0a33bb7d05b29e8c878cd26665dd439cddda9607f17c3f10a780fd8b403
                                                                                                                                • Opcode Fuzzy Hash: 4953f8481c21e5bf8b2ceb299749342d3ba25992d35cb2324b7645a82e2f8213
                                                                                                                                • Instruction Fuzzy Hash: 4971C833B1999047C7189D7C5C9139ABA535BD6334B3EC37AA9B4CB3E5D7298C064390
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d87780ea15baedbd4e305f03c23674aee29b6a10c87c18a666c1c67f3bf48dda
                                                                                                                                • Instruction ID: 046a3937dc07c9bedf79e5d2af146557c26f583ef543d9078598798841d62b06
                                                                                                                                • Opcode Fuzzy Hash: d87780ea15baedbd4e305f03c23674aee29b6a10c87c18a666c1c67f3bf48dda
                                                                                                                                • Instruction Fuzzy Hash: DA6167B45083509BD311AF18D891B2ABBF0EFA6764F18491CE4C58B262E339D910CBA7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6ffaa79a6a607eed214769931c6d7b7644f0d0fc30a045d8bb214d2c57d2e041
                                                                                                                                • Instruction ID: afbee301fece3ee4a211f17d0c1d018fd50acc443024c53247fce4606d97891f
                                                                                                                                • Opcode Fuzzy Hash: 6ffaa79a6a607eed214769931c6d7b7644f0d0fc30a045d8bb214d2c57d2e041
                                                                                                                                • Instruction Fuzzy Hash: 7651BFB16082059BDB209B64CC82FB733B4EFA5764F14495CF9868B2D1F3B5D801CB66
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                                                                • Instruction ID: 6e72c62dddabd7bb01be5f65aac23dd24ba3661de29870d97c4eb49c7f0d392e
                                                                                                                                • Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                                                                • Instruction Fuzzy Hash: BA61AB32609391BBD718CE68C59072FBBE2ABC5350F69C92FE4898B391D370DD859742
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 11692bbc8320a41c401fd1db41db3503ce395dd90247d616d8dcf5efc1db8c3e
                                                                                                                                • Instruction ID: 2f327aa8ac73dc55f978e79da3d50951787122b9767f98c29f5492a74e5c1c41
                                                                                                                                • Opcode Fuzzy Hash: 11692bbc8320a41c401fd1db41db3503ce395dd90247d616d8dcf5efc1db8c3e
                                                                                                                                • Instruction Fuzzy Hash: 05613B33B5A9904BC318453D5C953AA6A832BD2730F3FC367D9B58B3E5CF6988424381
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 01ddbbc779264a4c709da3b4c340cb8e2527a9c5a4987a19be4332bde6a5acdb
                                                                                                                                • Instruction ID: 1de13c846639e6b40b2492e440b67d57d5a5925e0c238edb62485db0436ca9f2
                                                                                                                                • Opcode Fuzzy Hash: 01ddbbc779264a4c709da3b4c340cb8e2527a9c5a4987a19be4332bde6a5acdb
                                                                                                                                • Instruction Fuzzy Hash: 1A81CFB4C10B40AFD360EF39D947797BEF4AB06201F404A1DE8EA96695E7306459CBE3
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3aa745fa63b645de67f9f04ef23f14de6cc7e0c15f13f893fe52a7f4cd5b03de
                                                                                                                                • Instruction ID: b1bb3d3d95d13a96e08da379bdf0499a2104752d0b0e3392e2610c4a0b532aeb
                                                                                                                                • Opcode Fuzzy Hash: 3aa745fa63b645de67f9f04ef23f14de6cc7e0c15f13f893fe52a7f4cd5b03de
                                                                                                                                • Instruction Fuzzy Hash: 64514BF3A082109BF3006E29EC457AABBD9DB85374F1B443DDA84A7754E93A98058792
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3bc605dead577334730c9e821df07017fa0cfc0c312011e2e734ca33424384ec
                                                                                                                                • Instruction ID: 12d89f53a438864708fb43ed145a798b8ac6ed978db0272c672d770d17b4160d
                                                                                                                                • Opcode Fuzzy Hash: 3bc605dead577334730c9e821df07017fa0cfc0c312011e2e734ca33424384ec
                                                                                                                                • Instruction Fuzzy Hash: 31616BB3F116254BF3844938CC6836276939BD1324F3F82788A69AB7D5D93E9D0A5384
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 323413687a36c7b2c6c24f08e9d589423d95715bdf94e4a3e62b62a74ea4380c
                                                                                                                                • Instruction ID: 335c03530e5c70ee28bf2fe6699ed97b452301938aaac53c16a58b8274341820
                                                                                                                                • Opcode Fuzzy Hash: 323413687a36c7b2c6c24f08e9d589423d95715bdf94e4a3e62b62a74ea4380c
                                                                                                                                • Instruction Fuzzy Hash: 9E5137F3E181105BE3085A38DD6577ABBD6E7D4770F2B463DEA8AD3784DE3848018292
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                                • Instruction ID: dc072a58edb6a2b1604dd57928065d9dbafffcee5796d19446ea99db6524a6df
                                                                                                                                • Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                                • Instruction Fuzzy Hash: E2515CB16087549FE314DF69D49435BBBE1BBC5318F044E2EE4E987390E379DA088B82
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 15af1d72b02fdf0a4b9aa0ca6e367b40ebdfa30856aceb222edf1451cbf7477a
                                                                                                                                • Instruction ID: 293aa8f4a4699cd709ed0359d776aba8d2db50a4e1ed5540a7f926f8758d00e5
                                                                                                                                • Opcode Fuzzy Hash: 15af1d72b02fdf0a4b9aa0ca6e367b40ebdfa30856aceb222edf1451cbf7477a
                                                                                                                                • Instruction Fuzzy Hash: 9451173160CA409BE7159E1ADC90B3EB7E2FB89358F288A2CE5D5573D1D731AC00C751
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9b537c63cb6cd2cf56a03268dac5793769b6529f580dccff83a03eae0d2a96b9
                                                                                                                                • Instruction ID: 7309ec7e519525577cf7b89e64a26e847708753e5a31453270c3fd1c2c749ae4
                                                                                                                                • Opcode Fuzzy Hash: 9b537c63cb6cd2cf56a03268dac5793769b6529f580dccff83a03eae0d2a96b9
                                                                                                                                • Instruction Fuzzy Hash: 3C51D3B9A087049FC714DF18C89092AB7A6FF96364F15466CF8968B352D731EC42CB92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6c47be05b4f2cadbcf8771d8b0d053baa1d521ca5cc988a1e32e8d5c569f43a2
                                                                                                                                • Instruction ID: 3c6bb9943b32e66a747865b0e082f44395bce96a6085c4b46f5395a931945edb
                                                                                                                                • Opcode Fuzzy Hash: 6c47be05b4f2cadbcf8771d8b0d053baa1d521ca5cc988a1e32e8d5c569f43a2
                                                                                                                                • Instruction Fuzzy Hash: F041AEB8900319DBDF208F94DC91BBDB7B0FF1A300F144548E945AB3A0EB39A950CB95
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b6caf767d8621cab7cbcfb2db997f5bb92c66411b8ccfbb2eb7d518c428ba14e
                                                                                                                                • Instruction ID: 7ec429b5cc726455683f604b66e4c16c4a293bc8a8b29a446d220314b63b0b2c
                                                                                                                                • Opcode Fuzzy Hash: b6caf767d8621cab7cbcfb2db997f5bb92c66411b8ccfbb2eb7d518c428ba14e
                                                                                                                                • Instruction Fuzzy Hash: ED41C074608780ABD714EF16D990B2FBBF6EB85754F64882CF58A97251D335EC00CB62
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 809fed6f3df2a7b13d98b19ee07130e999faeb7ca63cb00a1f9ddf033cdbec91
                                                                                                                                • Instruction ID: 6bc382d53aa71163f363226a72b2a99c37d27250b7976a92b560eaf6490d568f
                                                                                                                                • Opcode Fuzzy Hash: 809fed6f3df2a7b13d98b19ee07130e999faeb7ca63cb00a1f9ddf033cdbec91
                                                                                                                                • Instruction Fuzzy Hash: F241F732A083654FD35CCE29849427ABBE2ABC5300F19862EF4D68B3D4DB748949D781
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f035b751a9ff82969f60f7d650759478618801f66ee5792ca94464a917063847
                                                                                                                                • Instruction ID: 9ca89039895859d6fffcd51a3daa787491aef32e6336a7ec2cf26e64d2e7ffcb
                                                                                                                                • Opcode Fuzzy Hash: f035b751a9ff82969f60f7d650759478618801f66ee5792ca94464a917063847
                                                                                                                                • Instruction Fuzzy Hash: 5C41F174508380ABD321AB58C894B2EFBF5FB9A744F144D1CF6C497292C376E818CB66
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 628fc81e14527ca673defa78bed102aa5fcd33321b3087c12a9aa784044981ea
                                                                                                                                • Instruction ID: ef5e81d0c11d025a0c578b6edf5b6b16ad993021bd45e7dfc30d1e2c740c87bd
                                                                                                                                • Opcode Fuzzy Hash: 628fc81e14527ca673defa78bed102aa5fcd33321b3087c12a9aa784044981ea
                                                                                                                                • Instruction Fuzzy Hash: D541C33160C7948FC714DF69C89052EFBE6AF9A300F198A2DD4D9D7291DB75ED018B82
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 25323be8b8a347ac169671b1d4021c9b51145501a2f9386964606d5cf5b844ee
                                                                                                                                • Instruction ID: 14b1443349b9fa66b5167c20a364ce88b43dd65b07ec2e53fccb6e76075a8f09
                                                                                                                                • Opcode Fuzzy Hash: 25323be8b8a347ac169671b1d4021c9b51145501a2f9386964606d5cf5b844ee
                                                                                                                                • Instruction Fuzzy Hash: A1419DB56083818BD7349F14D841BEBB7B0FFA6364F040968E48A8BA52E7744940CB93
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                                • Instruction ID: cc28ce38684c09c3dd98e17aec46760054eb58a11714371f14324c24c8aebf1e
                                                                                                                                • Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                                • Instruction Fuzzy Hash: D82137329082244BC3249B1DC88063BF7E5EB99704F06C63EE8C5A7395E3359D1587E1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ae9fa8e8241c9d276893f8718d64698f346a59e238769342a5b568ff44f0915c
                                                                                                                                • Instruction ID: edf4006c164e6dfcfbd7cac670c588035dd70d08c9afc44f2f360006b0be432f
                                                                                                                                • Opcode Fuzzy Hash: ae9fa8e8241c9d276893f8718d64698f346a59e238769342a5b568ff44f0915c
                                                                                                                                • Instruction Fuzzy Hash: 3F3107705187829AE714CF15C490A2FFBF0EFA6788F94590DF4C8A7261D334D985CB9A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 569f2c589fbbda76639e0a104cbca20128c72c365b7d01f2db4a1cefd6083b77
                                                                                                                                • Instruction ID: 9d3d508553f13e718722e76232eeabacf5f4993a4b7368a990d4da4ea1d240eb
                                                                                                                                • Opcode Fuzzy Hash: 569f2c589fbbda76639e0a104cbca20128c72c365b7d01f2db4a1cefd6083b77
                                                                                                                                • Instruction Fuzzy Hash: 9421A1B45086019BC314AF28C851E6BF7F5EFA6764F44890CF4D99B292E334E940CBA3
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                                                                • Instruction ID: 2fceec929c436cecbcbe48adf188c43e262d8ba6099c3f7064ca799f2b00e152
                                                                                                                                • Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                                                                • Instruction Fuzzy Hash: 7831E5396482009FD7149E18D880A2BB7E1EFCA359F18892CE89B8B251D371DC52CB86
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c1ae62643e461ee76d518c87453fd225e3079097d069cf22e4616c60d2d6c960
                                                                                                                                • Instruction ID: fcd311ff15bf2ab09866e4722c0118ba89628d4791c9b8b993a987aecca4a1cf
                                                                                                                                • Opcode Fuzzy Hash: c1ae62643e461ee76d518c87453fd225e3079097d069cf22e4616c60d2d6c960
                                                                                                                                • Instruction Fuzzy Hash: C3214C7050C681DBD705EF1AD49092EFBF6FBA5785F68881CE4C5933A1C335A850CB62
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9a7e24be6eff38c8cda1023fea1de5e873c42ae7d10fcb6fe24dde87ad25d077
                                                                                                                                • Instruction ID: faa931af12736cc5d34286cb7c576893e6a1ba695b04c5a3791640c3e271ce79
                                                                                                                                • Opcode Fuzzy Hash: 9a7e24be6eff38c8cda1023fea1de5e873c42ae7d10fcb6fe24dde87ad25d077
                                                                                                                                • Instruction Fuzzy Hash: 5D119E7191C680EBC301AF29E845A2FBBF6AF96714F45882CE4C49B211D335D961CB92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                • Instruction ID: a5b9d358553ce468ab2effc54a2673104f509e266d0862fc6f0c3cf8da6e8f39
                                                                                                                                • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                • Instruction Fuzzy Hash: 3B11E933A091D48EC7168D3C84805B9BFA31AA3634B5A439EF4B59B3D2D722CD8A8354
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                                • Instruction ID: 9537eb9ef61f95b277ba02003ee3aab348f7d75bd914877c292f40fa62867f62
                                                                                                                                • Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                                • Instruction Fuzzy Hash: 9E0184FDB043024BE721DE5494D1B3BB2A86F99718F18452FE84657302EB76EC05C6D1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 81fdc439504fd121950e3b0dc7ced0bb17ee09ec6d314a117f2f1d8345cb4c18
                                                                                                                                • Instruction ID: eede983ed623c7a91b466f5aa209dcfdd9f4424ab9b911b4cc1f431df340341f
                                                                                                                                • Opcode Fuzzy Hash: 81fdc439504fd121950e3b0dc7ced0bb17ee09ec6d314a117f2f1d8345cb4c18
                                                                                                                                • Instruction Fuzzy Hash: 5C11ECB0408380AFD3109F618494A2FFBE5EBA6714F148C1DF6A49B251C379E859CF56
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d680bdcd72a49235f3caecab10ddd17627e5f364b646ae92bcf217afb63fce35
                                                                                                                                • Instruction ID: 7a705b09282c0e585c026cd0f42487ec990cf1c386f3a8c23099bcb7ef8262cb
                                                                                                                                • Opcode Fuzzy Hash: d680bdcd72a49235f3caecab10ddd17627e5f364b646ae92bcf217afb63fce35
                                                                                                                                • Instruction Fuzzy Hash: 9FF0E93E71D21A0FA610CDAAE8C483BF3D6D7DA365B195538EE41D3601DE72E80691D0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                                • Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
                                                                                                                                • Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                                • Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                                • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
                                                                                                                                • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                                • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                                • Instruction ID: 98eed5c5eeccc9cedde13e50936748e89a2f6307a01687c57aabffae53dddf2f
                                                                                                                                • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                                • Instruction Fuzzy Hash: 0BF0ECB16085105BDF228A549CC0FB7BB9CDB9B354F190436F84657903D3A19845C3E5
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a20eb5929e64dd8aa371c70254591160fde9158b5ceba737206e3d3007fd04b2
                                                                                                                                • Instruction ID: 3642625918e5c370af43c1ea86e3189e8c4eb20c42e6fb2ecc67f208f0584cb5
                                                                                                                                • Opcode Fuzzy Hash: a20eb5929e64dd8aa371c70254591160fde9158b5ceba737206e3d3007fd04b2
                                                                                                                                • Instruction Fuzzy Hash: 0301E4B0410B409FC360EF29C94574BBBE8EB08714F104A1DE8AECB680D770A5848B82
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                                • Instruction ID: da6cd1e98dd0bed621df756052f26f224983d79404594411ab1dc20090ab7095
                                                                                                                                • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                                • Instruction Fuzzy Hash: 5CD0A731608761969F748E1AA40097FF7F0EAC7B11F49955EF586E3288D330DC41C2A9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 84755b3a942418f8cc30f8f4799bd67ec06a1f6f2a62cacc142e1d8a08b6ea44
                                                                                                                                • Instruction ID: 19a551aee3bca92599eb891e96ba80f863ad221e041de5a98c3d393c4c2dbdd2
                                                                                                                                • Opcode Fuzzy Hash: 84755b3a942418f8cc30f8f4799bd67ec06a1f6f2a62cacc142e1d8a08b6ea44
                                                                                                                                • Instruction Fuzzy Hash: 7AC08C34A190808BC208DF94FCE583AB3B8A307308740B03EDE03FBAA1CB20D443C909
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 80a077e1bbccc7e10263a31861b8d12afa0ff16c1d22aba8c8848a52a96231db
                                                                                                                                • Instruction ID: fa797a74b0cdac82d3ed4b4cf410e4e51c0dc1fb9e41deac6c20af6e7545da3e
                                                                                                                                • Opcode Fuzzy Hash: 80a077e1bbccc7e10263a31861b8d12afa0ff16c1d22aba8c8848a52a96231db
                                                                                                                                • Instruction Fuzzy Hash: 82C09B3465C44087920CCF05D961575F3779BD7718724B01EC82623655C134D552D51C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 23abc78b56f6d31fe260d01b988f29bea56cf01f633dbb91c5ab240ad35216c6
                                                                                                                                • Instruction ID: 0de3a4fc6068fca4fbb83a5daef114c838a0fe10b56b8baeb12975b36711ca48
                                                                                                                                • Opcode Fuzzy Hash: 23abc78b56f6d31fe260d01b988f29bea56cf01f633dbb91c5ab240ad35216c6
                                                                                                                                • Instruction Fuzzy Hash: 76C04C24A590848A82489ED5A8E1475A3A99306208751703E9A02EB6A1C660D4468509
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2081358355.00000000001A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 001A0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2081341597.00000000001A0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081394997.0000000000200000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081411692.000000000020C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081513272.0000000000368000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081529809.000000000036A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081549022.000000000038A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081585080.000000000039D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081600568.00000000003A3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081619703.00000000003B8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081634833.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081651157.00000000003C5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081667097.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081686257.00000000003E4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081701085.00000000003E6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081715437.00000000003E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081731113.00000000003EC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081745583.00000000003ED000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081761278.00000000003F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081776698.00000000003FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081791500.00000000003FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081807148.0000000000407000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081822222.000000000040A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081837639.000000000040B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081852587.000000000040E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081868071.0000000000415000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081882889.0000000000418000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081897680.0000000000419000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081913295.0000000000421000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081928805.0000000000422000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081943360.0000000000423000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081959255.000000000042B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2081974290.0000000000468000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082023347.0000000000495000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082040827.0000000000497000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.0000000000498000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082055457.000000000049D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082088308.00000000004AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2082103593.00000000004AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_1a0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 899d851342e826580b25fb5a7833927119e53d2707e0caaa2a0f9c872e1e1d05
                                                                                                                                • Instruction ID: ba2f441b2396ea40d35df3d0d207fa03ac4f5c711b71f7f5eb27c460090b6d1e
                                                                                                                                • Opcode Fuzzy Hash: 899d851342e826580b25fb5a7833927119e53d2707e0caaa2a0f9c872e1e1d05
                                                                                                                                • Instruction Fuzzy Hash: DFC09234B680008BA24CCF18DD61935F2BA9B8BA18B14B02EC816A3A5AD134D552C60C