Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1541754
MD5:4cc039ac299c83b717d9ca4cc319a298
SHA1:05b8fa480d1252e5decdfe29f74cc89111e6d445
SHA256:9d2a579421ad8b4777632bcfd2d713c19973fe0e7dfc0a3edfb4632085bb6052
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 4268 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 4CC039AC299C83B717D9CA4CC319A298)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["bathdoomgaz.store", "spirittunek.store", "licendfilteo.site", "studennotediw.store", "clearancek.site", "eaglepawnoy.store", "dissapoiznw.store", "mobbipenju.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-25T05:21:03.539369+020020564771Domain Observed Used for C2 Detected192.168.2.5561471.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-25T05:21:03.481298+020020564711Domain Observed Used for C2 Detected192.168.2.5542801.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-25T05:21:03.517507+020020564811Domain Observed Used for C2 Detected192.168.2.5621261.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-25T05:21:03.505756+020020564831Domain Observed Used for C2 Detected192.168.2.5564261.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-25T05:21:03.570002+020020564731Domain Observed Used for C2 Detected192.168.2.5553341.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-25T05:21:03.494084+020020564851Domain Observed Used for C2 Detected192.168.2.5624181.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-25T05:21:03.551204+020020564751Domain Observed Used for C2 Detected192.168.2.5508641.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-25T05:21:03.528270+020020564791Domain Observed Used for C2 Detected192.168.2.5595141.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-25T05:21:05.056705+020028586661Domain Observed Used for C2 Detected192.168.2.549704104.102.49.254443TCP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: file.exeAvira: detected
    Found malware configuration
    Source: file.exe.4268.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["bathdoomgaz.store", "spirittunek.store", "licendfilteo.site", "studennotediw.store", "clearancek.site", "eaglepawnoy.store", "dissapoiznw.store", "mobbipenju.store"], "Build id": "4SD0y4--legendaryy"}
    Multi AV Scanner detection for domain / URL
    Source: eaglepawnoy.storeVirustotal: Detection: 20%Perma Link
    Source: licendfilteo.siteVirustotal: Detection: 18%Perma Link
    Source: spirittunek.storeVirustotal: Detection: 21%Perma Link
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Machine Learning detection for sample
    Source: file.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: licendfilteo.site
    Source: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: spirittunek.store
    Source: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: bathdoomgaz.store
    Source: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: studennotediw.store
    Source: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: dissapoiznw.store
    Source: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: eaglepawnoy.store
    Source: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: mobbipenju.store
    Source: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49704 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_005FD110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_005FD110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_006363B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00635700
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h0_2_0063695B
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_006399D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]0_2_005FFCA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_00600EEC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00634040
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00606F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then dec ebx0_2_0062F030
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, dword ptr [edx]0_2_005F1000
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00636094
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_0061D1E1
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_00612260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [esi], ax0_2_00612260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_006042FC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, eax0_2_005FA300
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_006223E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_006223E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_006223E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], al0_2_006223E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_006223E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+14h]0_2_006223E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_0061C470
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]0_2_00631440
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0060D457
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0061E40C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 00000000h0_2_0060B410
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_006364B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh0_2_00637520
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00606536
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00619510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]0_2_005F8590
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0061E66A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_0062B650
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [edi+eax]0_2_00637710
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]0_2_006367EF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0061D7AF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_006128E9
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h0_2_0060D961
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h0_2_00633920
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_005F49A0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_005F5A50
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00634A40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00601A3C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00601ACD
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_00639B60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+000006B8h]0_2_0060DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h0_2_0060DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00603BE2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00601BEE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_00620B80
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [eax+esi+02h], 0000h0_2_0061EC48
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh0_2_0062FC20
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h0_2_00617C00
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00639CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh0_2_00639CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h0_2_0061CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0061CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h0_2_0061CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_0061AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], ax0_2_0061AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0061DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh0_2_0061FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00638D8A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00617E60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00615E70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, word ptr [ecx]0_2_0061AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edi, ecx0_2_00604E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ebx], 00000000h0_2_00606EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [ebp+00h]0_2_005FBEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00601E93
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]0_2_005F6EA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00619F62
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0062FF70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_005F8FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h0_2_00637FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00637FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00635FD6
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], 0000h0_2_0060FFDF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00606F91

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.5:56426 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.5:62418 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.5:54280 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.5:59514 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.5:62126 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.5:55334 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.5:56147 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.5:50864 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49704 -> 104.102.49.254:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: bathdoomgaz.store
    Source: Malware configuration extractorURLs: spirittunek.store
    Source: Malware configuration extractorURLs: licendfilteo.site
    Source: Malware configuration extractorURLs: studennotediw.store
    Source: Malware configuration extractorURLs: clearancek.site
    Source: Malware configuration extractorURLs: eaglepawnoy.store
    Source: Malware configuration extractorURLs: dissapoiznw.store
    Source: Malware configuration extractorURLs: mobbipenju.store
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewASN Name: AKAMAI-ASUS AKAMAI-ASUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: file.exe, 00000000.00000003.2079354374.0000000001641000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C42cb6563c5fec8103907e3e99aebe27b; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=7b4fd9d49ecb286094e89d59; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type26105Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveFri, 25 Oct 2024 03:21:04 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: clearancek.site
    Source: global trafficDNS traffic detected: DNS query: mobbipenju.store
    Source: global trafficDNS traffic detected: DNS query: eaglepawnoy.store
    Source: global trafficDNS traffic detected: DNS query: dissapoiznw.store
    Source: global trafficDNS traffic detected: DNS query: studennotediw.store
    Source: global trafficDNS traffic detected: DNS query: bathdoomgaz.store
    Source: global trafficDNS traffic detected: DNS query: spirittunek.store
    Source: global trafficDNS traffic detected: DNS query: licendfilteo.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: file.exe, 00000000.00000003.2079403230.0000000001635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080864279.0000000001636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2079403230.0000000001635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080864279.0000000001636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080845177.0000000001625000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clearancek.site/api
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/
    Source: file.exe, 00000000.00000003.2079403230.0000000001635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080864279.0000000001636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=e
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli
    Source: file.exe, 00000000.00000003.2079403230.0000000001635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080864279.0000000001636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: file.exe, 00000000.00000003.2079403230.0000000001635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080864279.0000000001636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
    Source: file.exe, 00000000.00000003.2079403230.0000000001635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080864279.0000000001636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BX
    Source: file.exe, 00000000.00000003.2079403230.0000000001635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080864279.0000000001636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080845177.0000000001625000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://licendfilteo.site/api
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080845177.0000000001625000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://spirittunek.store/api
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: file.exe, 00000000.00000003.2079403230.0000000001635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080864279.0000000001636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: file.exe, 00000000.00000002.2080657544.0000000001603000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080845177.0000000001625000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/i
    Source: file.exe, 00000000.00000003.2079403230.0000000001635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080864279.0000000001636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080845177.0000000001625000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080657544.0000000001603000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: file.exe, 00000000.00000002.2080657544.0000000001603000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900_
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: file.exe, 00000000.00000002.2080879047.0000000001639000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080894732.0000000001641000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079354374.0000000001641000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: file.exe, 00000000.00000002.2080879047.0000000001639000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C42cb6563c5fec81
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: file.exe, 00000000.00000003.2079403230.0000000001635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080864279.0000000001636000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080845177.0000000001625000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://studennotediw.store/apiN
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49704 version: TLS 1.2

    System Summary

    barindex
    PE file contains section with special chars
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006002280_2_00600228
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006340400_2_00634040
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006020300_2_00602030
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005F10000_2_005F1000
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0063A0D00_2_0063A0D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B20B70_2_007B20B7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007CC15A0_2_007CC15A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005F51600_2_005F5160
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005F71F00_2_005F71F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007501CF0_2_007501CF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005FE1A00_2_005FE1A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005F12F70_2_005F12F7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006282D00_2_006282D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006212D00_2_006212D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005FA3000_2_005FA300
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006223E00_2_006223E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005F13A30_2_005F13A3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005FB3A00_2_005FB3A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0061C4700_2_0061C470
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006264F00_2_006264F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006044870_2_00604487
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0060049B0_2_0060049B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007BC5530_2_007BC553
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0060C5F00_2_0060C5F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005F85900_2_005F8590
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B759F0_2_007B759F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005F35B00_2_005F35B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007C15830_2_007C1583
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005F164F0_2_005F164F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0071F6550_2_0071F655
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006386520_2_00638652
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0062F6200_2_0062F620
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006386F00_2_006386F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B06A80_2_007B06A8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007C66810_2_007C6681
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006218600_2_00621860
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005FA8500_2_005FA850
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0062B8C00_2_0062B8C0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0062E8A00_2_0062E8A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007AF9CC0_2_007AF9CC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006389A00_2_006389A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007BA99C0_2_007BA99C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0061098B0_2_0061098B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00634A400_2_00634A40
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00637AB00_2_00637AB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00638A800_2_00638A80
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0060DB6F0_2_0060DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007ADB450_2_007ADB45
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B3B440_2_007B3B44
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007C4B370_2_007C4B37
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005F7BF00_2_005F7BF0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00638C020_2_00638C02
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0061CCD00_2_0061CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00636CBF0_2_00636CBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00618D620_2_00618D62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0061DD290_2_0061DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0061FD100_2_0061FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00638E700_2_00638E70
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B8E5F0_2_007B8E5F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0061AE570_2_0061AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00604E2A0_2_00604E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007BDE170_2_007BDE17
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007AEEC30_2_007AEEC3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00606EBF0_2_00606EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005FBEB00_2_005FBEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0081EE700_2_0081EE70
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005FAF100_2_005FAF10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_005F8FD00_2_005F8FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00637FC00_2_00637FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007C2F9B0_2_007C2F9B
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 005FCAA0 appears 48 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0060D300 appears 152 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exeStatic PE information: Section: ZLIB complexity 0.9994778774752475
    Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@9/1
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00628220 CoCreateInstance,0_2_00628220
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: file.exeString found in binary or memory: RtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNeP
    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
    Source: file.exeStatic file information: File size 2944000 > 1048576
    Source: file.exeStatic PE information: Raw size of cfbkdpfd is bigger than: 0x100000 < 0x2a5600

    Data Obfuscation

    barindex
    Detected unpacking (changes PE section rights)
    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.5f0000.0.unpack :EW;.rsrc :W;.idata :W;cfbkdpfd:EW;hmwnthlj:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;cfbkdpfd:EW;hmwnthlj:EW;.taggant:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
    Source: file.exeStatic PE information: real checksum: 0x2db6b8 should be: 0x2d20a4
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name: cfbkdpfd
    Source: file.exeStatic PE information: section name: hmwnthlj
    Source: file.exeStatic PE information: section name: .taggant
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0084D0BD push eax; mov dword ptr [esp], ecx0_2_0084D0DF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008410C5 push edi; mov dword ptr [esp], ebx0_2_008410CA
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008410C5 push 72006A0Eh; mov dword ptr [esp], edi0_2_008410F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008410C5 push eax; mov dword ptr [esp], 6A61EFDEh0_2_0084114C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008410C5 push edx; mov dword ptr [esp], eax0_2_00841177
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008410C5 push edx; mov dword ptr [esp], 58B93B1Eh0_2_00841180
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008410C5 push esi; mov dword ptr [esp], ebx0_2_008411E3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008B70E0 push 7CD90F93h; mov dword ptr [esp], edx0_2_008B70EA
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00841046 push esi; mov dword ptr [esp], ecx0_2_0084104A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B20B7 push 07FF251Eh; mov dword ptr [esp], edi0_2_007B20C5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B20B7 push 07FDE046h; mov dword ptr [esp], ecx0_2_007B20CE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B20B7 push ebp; mov dword ptr [esp], ebx0_2_007B214C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B20B7 push ecx; mov dword ptr [esp], eax0_2_007B2179
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B20B7 push 43E9D8B0h; mov dword ptr [esp], ebx0_2_007B218B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B20B7 push 2F27422Eh; mov dword ptr [esp], esi0_2_007B2195
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B20B7 push 3458B400h; mov dword ptr [esp], edx0_2_007B2200
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B20B7 push 3C4ADDA1h; mov dword ptr [esp], ecx0_2_007B2208
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B20B7 push ebx; mov dword ptr [esp], esi0_2_007B224A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B20B7 push esi; mov dword ptr [esp], ebx0_2_007B2270
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B20B7 push eax; mov dword ptr [esp], 3FFEB129h0_2_007B2274
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B20B7 push 534ABC18h; mov dword ptr [esp], esi0_2_007B22A9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B20B7 push eax; mov dword ptr [esp], ecx0_2_007B22CF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B20B7 push 3C757B3Bh; mov dword ptr [esp], ecx0_2_007B23BD
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B20B7 push 224ACC44h; mov dword ptr [esp], eax0_2_007B23E9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B20B7 push eax; mov dword ptr [esp], 47D3CC87h0_2_007B243C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B20B7 push 39D1F2A1h; mov dword ptr [esp], ebp0_2_007B24BE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B20B7 push eax; mov dword ptr [esp], 79FA0798h0_2_007B24E8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B20B7 push 1CB249C0h; mov dword ptr [esp], esi0_2_007B2570
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B20B7 push 67DD3DA3h; mov dword ptr [esp], esi0_2_007B2595
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B20B7 push ecx; mov dword ptr [esp], ebp0_2_007B25F9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B20B7 push 7DEC4416h; mov dword ptr [esp], ebp0_2_007B2691
    Source: file.exeStatic PE information: section name: entropy: 7.974999917793135

    Boot Survival

    barindex
    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior

    Malware Analysis System Evasion

    barindex
    Tries to detect sandboxes / dynamic malware analysis system (registry check)
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 654562 second address: 654567 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 654567 second address: 654593 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB8F44FA2BEh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push esi 0x0000000c jnl 00007FB8F44FA2ACh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 654593 second address: 653DBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 nop 0x00000006 sub dword ptr [ebp+122D247Dh], ebx 0x0000000c push dword ptr [ebp+122D14BDh] 0x00000012 cld 0x00000013 sub dword ptr [ebp+122D2471h], ecx 0x00000019 call dword ptr [ebp+122D1D9Ah] 0x0000001f pushad 0x00000020 sub dword ptr [ebp+122D1C94h], edx 0x00000026 xor eax, eax 0x00000028 mov dword ptr [ebp+122D211Dh], esi 0x0000002e mov edx, dword ptr [esp+28h] 0x00000032 add dword ptr [ebp+122D1DC2h], eax 0x00000038 jmp 00007FB8F4BE3CEEh 0x0000003d mov dword ptr [ebp+122D2C7Bh], eax 0x00000043 mov dword ptr [ebp+122D211Dh], ebx 0x00000049 mov dword ptr [ebp+122D2284h], ebx 0x0000004f mov esi, 0000003Ch 0x00000054 mov dword ptr [ebp+122D211Dh], ecx 0x0000005a pushad 0x0000005b cld 0x0000005c mov dword ptr [ebp+122D1DC2h], ecx 0x00000062 popad 0x00000063 add esi, dword ptr [esp+24h] 0x00000067 cmc 0x00000068 lodsw 0x0000006a jmp 00007FB8F4BE3CEBh 0x0000006f add eax, dword ptr [esp+24h] 0x00000073 mov dword ptr [ebp+122D1C17h], edi 0x00000079 jl 00007FB8F4BE3CECh 0x0000007f mov dword ptr [ebp+122D2284h], eax 0x00000085 mov ebx, dword ptr [esp+24h] 0x00000089 or dword ptr [ebp+122D1C94h], esi 0x0000008f sub dword ptr [ebp+122D211Dh], edi 0x00000095 nop 0x00000096 jc 00007FB8F4BE3CF0h 0x0000009c pushad 0x0000009d push eax 0x0000009e push edx 0x0000009f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CC2AC second address: 7CC2B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CC2B7 second address: 7CC2C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FB8F4BE3CE6h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CC2C5 second address: 7CC2CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CC2CA second address: 7CC2D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CC2D0 second address: 7CC2D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CC2D6 second address: 7CC2E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CC2E0 second address: 7CC2E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CC2E4 second address: 7CC2E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B5288 second address: 7B5292 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB8F44FA2ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B5292 second address: 7B52A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 jc 00007FB8F4BE3CE6h 0x0000000b pop edx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B52A5 second address: 7B52B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B52B1 second address: 7B52B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CB391 second address: 7CB39D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CB39D second address: 7CB3A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CB3A3 second address: 7CB3C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F44FA2B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CB785 second address: 7CB789 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CB789 second address: 7CB78D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CB78D second address: 7CB79D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FB8F4BE3CEEh 0x0000000c push edx 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CBB6B second address: 7CBB6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CBB6F second address: 7CBB85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jp 00007FB8F4BE3CEEh 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CBB85 second address: 7CBBBD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F44FA2AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b jg 00007FB8F44FA2A6h 0x00000011 pop eax 0x00000012 jmp 00007FB8F44FA2B7h 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CDC70 second address: 7CDC74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CDC74 second address: 7CDCA8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FB8F44FA2B1h 0x0000000c jmp 00007FB8F44FA2B0h 0x00000011 popad 0x00000012 popad 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 push eax 0x00000018 push edx 0x00000019 push edi 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c pop edi 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CDCA8 second address: 7CDCAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CDCAE second address: 7CDCB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CDCB2 second address: 7CDCE2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a je 00007FB8F4BE3CFDh 0x00000010 jmp 00007FB8F4BE3CF7h 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push ebx 0x0000001d pop ebx 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CDDA9 second address: 7CDE24 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FB8F44FA2ACh 0x0000000c jnc 00007FB8F44FA2A6h 0x00000012 popad 0x00000013 add dword ptr [esp], 10D5F900h 0x0000001a sub ecx, 2ED8EE37h 0x00000020 push 00000003h 0x00000022 jmp 00007FB8F44FA2AAh 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push esi 0x0000002c call 00007FB8F44FA2A8h 0x00000031 pop esi 0x00000032 mov dword ptr [esp+04h], esi 0x00000036 add dword ptr [esp+04h], 0000001Ch 0x0000003e inc esi 0x0000003f push esi 0x00000040 ret 0x00000041 pop esi 0x00000042 ret 0x00000043 xor si, E19Ch 0x00000048 push 00000003h 0x0000004a mov cl, 78h 0x0000004c call 00007FB8F44FA2A9h 0x00000051 pushad 0x00000052 jmp 00007FB8F44FA2B2h 0x00000057 push eax 0x00000058 push edx 0x00000059 push eax 0x0000005a pop eax 0x0000005b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CDE24 second address: 7CDE31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CDE31 second address: 7CDE35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CDE35 second address: 7CDE47 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FB8F4BE3CE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jg 00007FB8F4BE3CE6h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CDEF1 second address: 7CDF33 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jno 00007FB8F44FA2A6h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f or dword ptr [ebp+122D2284h], edx 0x00000015 push 00000000h 0x00000017 xor dword ptr [ebp+122D1BFFh], ebx 0x0000001d mov dword ptr [ebp+122D22B3h], eax 0x00000023 call 00007FB8F44FA2A9h 0x00000028 jmp 00007FB8F44FA2B0h 0x0000002d push eax 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CDF33 second address: 7CDF3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CDF3A second address: 7CDF50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jc 00007FB8F44FA2A6h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CDF50 second address: 7CDF5A instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB8F4BE3CE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CDF5A second address: 7CDF96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c js 00007FB8F44FA2AEh 0x00000012 jg 00007FB8F44FA2A8h 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c pushad 0x0000001d jmp 00007FB8F44FA2B5h 0x00000022 push eax 0x00000023 push edx 0x00000024 jnc 00007FB8F44FA2A6h 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CE060 second address: 7CE07A instructions: 0x00000000 rdtsc 0x00000002 js 00007FB8F4BE3CECh 0x00000008 jl 00007FB8F4BE3CE6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jo 00007FB8F4BE3CEEh 0x00000017 push ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CE07A second address: 7CE0BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 nop 0x00000006 push 00000000h 0x00000008 push ebp 0x00000009 call 00007FB8F44FA2A8h 0x0000000e pop ebp 0x0000000f mov dword ptr [esp+04h], ebp 0x00000013 add dword ptr [esp+04h], 0000001Dh 0x0000001b inc ebp 0x0000001c push ebp 0x0000001d ret 0x0000001e pop ebp 0x0000001f ret 0x00000020 mov dword ptr [ebp+122D2AE9h], esi 0x00000026 push 00000000h 0x00000028 mov edx, esi 0x0000002a push C1758780h 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 popad 0x00000035 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CE0BA second address: 7CE0C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CEAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CE0C8 second address: 7CE10B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F44FA2B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 3E8A7900h 0x00000010 mov dword ptr [ebp+122D1DD3h], ecx 0x00000016 push 00000003h 0x00000018 push ecx 0x00000019 mov dword ptr [ebp+122D1DC7h], esi 0x0000001f pop ecx 0x00000020 push 00000000h 0x00000022 push 00000003h 0x00000024 mov dword ptr [ebp+122D1C17h], ecx 0x0000002a mov dx, si 0x0000002d push AE4B45CAh 0x00000032 pushad 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 pop eax 0x00000037 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CE10B second address: 7CE10F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CE10F second address: 7CE156 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a popad 0x0000000b xor dword ptr [esp], 6E4B45CAh 0x00000012 and esi, dword ptr [ebp+122D2F37h] 0x00000018 lea ebx, dword ptr [ebp+1244DBCCh] 0x0000001e jmp 00007FB8F44FA2B6h 0x00000023 xchg eax, ebx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007FB8F44FA2B0h 0x0000002b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7EFC6C second address: 7EFC78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FB8F4BE3CE6h 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7EFC78 second address: 7EFC92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007FB8F44FA2ACh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7EFC92 second address: 7EFC96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7EFC96 second address: 7EFC9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7EFC9A second address: 7EFCA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7EFCA5 second address: 7EFCAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7EFCAA second address: 7EFCB5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7EFCB5 second address: 7EFCBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7EDB9F second address: 7EDBA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7EDBA3 second address: 7EDBAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7EDBAD second address: 7EDBB3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7EE43D second address: 7EE443 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7EEBF2 second address: 7EEC01 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CEBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7EEC01 second address: 7EEC26 instructions: 0x00000000 rdtsc 0x00000002 js 00007FB8F44FA2A8h 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007FB8F44FA2B7h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B017A second address: 7B018D instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB8F4BE3CECh 0x00000008 jo 00007FB8F4BE3CE6h 0x0000000e pushad 0x0000000f push eax 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B018D second address: 7B01B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB8F44FA2B8h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B01B1 second address: 7B01B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B01B5 second address: 7B01BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7EED79 second address: 7EED88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jg 00007FB8F4BE3CF2h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7EED88 second address: 7EEDA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FB8F44FA2A6h 0x0000000a jmp 00007FB8F44FA2AFh 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7EF4BE second address: 7EF4DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CF6h 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7E404E second address: 7E4060 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7EFACA second address: 7EFB06 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB8F4BE3CF0h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007FB8F4BE3CF2h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push ecx 0x00000013 jns 00007FB8F4BE3CEEh 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7F1A4E second address: 7F1A65 instructions: 0x00000000 rdtsc 0x00000002 js 00007FB8F44FA2A6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FB8F44FA2ABh 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7F1A65 second address: 7F1A81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB8F4BE3CF8h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7F4A70 second address: 7F4A75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7F505F second address: 7F5063 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7F39B5 second address: 7F39BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7F39BB second address: 7F39C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7F532F second address: 7F5335 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FAD0C second address: 7FAD10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FAE95 second address: 7FAE9A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FAE9A second address: 7FAEA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FB162 second address: 7FB16A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FB445 second address: 7FB45F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CF6h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FB45F second address: 7FB47D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB8F44FA2B6h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FB47D second address: 7FB4CD instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB8F4BE3CE6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007FB8F4BE3CF5h 0x00000015 jmp 00007FB8F4BE3CF1h 0x0000001a jmp 00007FB8F4BE3CF9h 0x0000001f popad 0x00000020 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FC0B7 second address: 7FC0C4 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB8F44FA2A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FC0C4 second address: 7FC0DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jng 00007FB8F4BE3CECh 0x00000012 jne 00007FB8F4BE3CE6h 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FC0DC second address: 7FC10F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F44FA2ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a call 00007FB8F44FA2A9h 0x0000000f push esi 0x00000010 jl 00007FB8F44FA2ACh 0x00000016 ja 00007FB8F44FA2A6h 0x0000001c pop esi 0x0000001d push eax 0x0000001e pushad 0x0000001f push ebx 0x00000020 push edx 0x00000021 pop edx 0x00000022 pop ebx 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FC10F second address: 7FC113 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FC113 second address: 7FC12D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F44FA2ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e pushad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FC12D second address: 7FC13C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jng 00007FB8F4BE3CECh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FC13C second address: 7FC16F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [eax] 0x00000007 jmp 00007FB8F44FA2B8h 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FB8F44FA2AEh 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FCD01 second address: 7FCD0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FCD0E second address: 7FCD43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007FB8F44FA2B0h 0x0000000a popad 0x0000000b xchg eax, ebx 0x0000000c jmp 00007FB8F44FA2AFh 0x00000011 nop 0x00000012 push eax 0x00000013 push edx 0x00000014 jp 00007FB8F44FA2ACh 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FCD43 second address: 7FCD58 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FB8F4BE3CECh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push esi 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FCFAD second address: 7FCFB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FD1BA second address: 7FD1BF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FD324 second address: 7FD328 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7AC97D second address: 7AC981 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7AC981 second address: 7AC991 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jp 00007FB8F44FA2A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7AC991 second address: 7AC9AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CF9h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FEF8B second address: 7FF010 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FB8F44FA2A6h 0x0000000a popad 0x0000000b pop ebx 0x0000000c push eax 0x0000000d jmp 00007FB8F44FA2AAh 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push ebx 0x00000016 call 00007FB8F44FA2A8h 0x0000001b pop ebx 0x0000001c mov dword ptr [esp+04h], ebx 0x00000020 add dword ptr [esp+04h], 00000017h 0x00000028 inc ebx 0x00000029 push ebx 0x0000002a ret 0x0000002b pop ebx 0x0000002c ret 0x0000002d jmp 00007FB8F44FA2B5h 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push esi 0x00000037 call 00007FB8F44FA2A8h 0x0000003c pop esi 0x0000003d mov dword ptr [esp+04h], esi 0x00000041 add dword ptr [esp+04h], 00000015h 0x00000049 inc esi 0x0000004a push esi 0x0000004b ret 0x0000004c pop esi 0x0000004d ret 0x0000004e mov edi, dword ptr [ebp+122D2CAFh] 0x00000054 mov si, E102h 0x00000058 push 00000000h 0x0000005a cld 0x0000005b movsx edi, bx 0x0000005e xchg eax, ebx 0x0000005f jl 00007FB8F44FA2B4h 0x00000065 pushad 0x00000066 push eax 0x00000067 push edx 0x00000068 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FF010 second address: 7FF022 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FB8F4BE3CE6h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pushad 0x00000010 popad 0x00000011 pop ecx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FF022 second address: 7FF028 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FF028 second address: 7FF02C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FFA82 second address: 7FFAEF instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB8F44FA2A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007FB8F44FA2A8h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 0000001Ch 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 mov esi, dword ptr [ebp+122D2CF3h] 0x0000002e push 00000000h 0x00000030 movsx edi, di 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push edi 0x00000038 call 00007FB8F44FA2A8h 0x0000003d pop edi 0x0000003e mov dword ptr [esp+04h], edi 0x00000042 add dword ptr [esp+04h], 00000016h 0x0000004a inc edi 0x0000004b push edi 0x0000004c ret 0x0000004d pop edi 0x0000004e ret 0x0000004f add dword ptr [ebp+122D1D29h], ecx 0x00000055 xchg eax, ebx 0x00000056 jc 00007FB8F44FA2AEh 0x0000005c push ebx 0x0000005d push eax 0x0000005e push edx 0x0000005f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7FFAEF second address: 7FFAFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 801481 second address: 801499 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB8F44FA2B4h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 80297B second address: 80297F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 803714 second address: 80371A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 80371A second address: 80371F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 80371F second address: 803725 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8037C6 second address: 8037CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 80796F second address: 807977 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 807E7A second address: 807E84 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB8F4BE3CE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 807E84 second address: 807E8B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 807E8B second address: 807F31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 je 00007FB8F4BE3CFDh 0x0000000e jne 00007FB8F4BE3CF7h 0x00000014 nop 0x00000015 push 00000000h 0x00000017 push ebp 0x00000018 call 00007FB8F4BE3CE8h 0x0000001d pop ebp 0x0000001e mov dword ptr [esp+04h], ebp 0x00000022 add dword ptr [esp+04h], 00000014h 0x0000002a inc ebp 0x0000002b push ebp 0x0000002c ret 0x0000002d pop ebp 0x0000002e ret 0x0000002f jmp 00007FB8F4BE3CF1h 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push edi 0x00000039 call 00007FB8F4BE3CE8h 0x0000003e pop edi 0x0000003f mov dword ptr [esp+04h], edi 0x00000043 add dword ptr [esp+04h], 0000001Dh 0x0000004b inc edi 0x0000004c push edi 0x0000004d ret 0x0000004e pop edi 0x0000004f ret 0x00000050 mov edi, dword ptr [ebp+122D22BEh] 0x00000056 mov dword ptr [ebp+12475706h], esi 0x0000005c movzx edi, ax 0x0000005f push 00000000h 0x00000061 xchg eax, esi 0x00000062 jmp 00007FB8F4BE3CEFh 0x00000067 push eax 0x00000068 push eax 0x00000069 push edx 0x0000006a jc 00007FB8F4BE3CE8h 0x00000070 push ecx 0x00000071 pop ecx 0x00000072 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 808070 second address: 808074 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 808074 second address: 808125 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CEEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push ebx 0x0000000c jmp 00007FB8F4BE3CEAh 0x00000011 pop ebx 0x00000012 nop 0x00000013 mov dword ptr [ebp+1245D1F9h], edx 0x00000019 mov ebx, ecx 0x0000001b push dword ptr fs:[00000000h] 0x00000022 pushad 0x00000023 movsx ecx, dx 0x00000026 add eax, dword ptr [ebp+1247BDDCh] 0x0000002c popad 0x0000002d mov dword ptr fs:[00000000h], esp 0x00000034 push 00000000h 0x00000036 push esi 0x00000037 call 00007FB8F4BE3CE8h 0x0000003c pop esi 0x0000003d mov dword ptr [esp+04h], esi 0x00000041 add dword ptr [esp+04h], 0000001Ch 0x00000049 inc esi 0x0000004a push esi 0x0000004b ret 0x0000004c pop esi 0x0000004d ret 0x0000004e mov dword ptr [ebp+1244EFA4h], eax 0x00000054 mov eax, dword ptr [ebp+122D0B8Dh] 0x0000005a mov bx, A343h 0x0000005e push FFFFFFFFh 0x00000060 nop 0x00000061 jl 00007FB8F4BE3D0Bh 0x00000067 pushad 0x00000068 jmp 00007FB8F4BE3CF9h 0x0000006d jmp 00007FB8F4BE3CEAh 0x00000072 popad 0x00000073 push eax 0x00000074 push eax 0x00000075 push edx 0x00000076 jmp 00007FB8F4BE3CEAh 0x0000007b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 809C62 second address: 809C69 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 808E57 second address: 808E61 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB8F4BE3CE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 808E61 second address: 808F06 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F44FA2B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c js 00007FB8F44FA2A6h 0x00000012 push dword ptr fs:[00000000h] 0x00000019 mov dword ptr [ebp+122D1E7Bh], edi 0x0000001f mov dword ptr fs:[00000000h], esp 0x00000026 push 00000000h 0x00000028 push eax 0x00000029 call 00007FB8F44FA2A8h 0x0000002e pop eax 0x0000002f mov dword ptr [esp+04h], eax 0x00000033 add dword ptr [esp+04h], 0000001Ch 0x0000003b inc eax 0x0000003c push eax 0x0000003d ret 0x0000003e pop eax 0x0000003f ret 0x00000040 mov bx, 550Bh 0x00000044 mov eax, dword ptr [ebp+122D1361h] 0x0000004a or bx, 4087h 0x0000004f sub dword ptr [ebp+122D20BFh], edx 0x00000055 push FFFFFFFFh 0x00000057 pushad 0x00000058 mov dword ptr [ebp+122D2FB3h], eax 0x0000005e mov dword ptr [ebp+122D22FFh], eax 0x00000064 popad 0x00000065 sub edi, dword ptr [ebp+122D260Dh] 0x0000006b nop 0x0000006c jnc 00007FB8F44FA2B0h 0x00000072 pushad 0x00000073 jng 00007FB8F44FA2A6h 0x00000079 pushad 0x0000007a popad 0x0000007b popad 0x0000007c push eax 0x0000007d push eax 0x0000007e push edx 0x0000007f push eax 0x00000080 push edx 0x00000081 jbe 00007FB8F44FA2A6h 0x00000087 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 808F06 second address: 808F10 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB8F4BE3CE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 80AED7 second address: 80AEFF instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB8F44FA2ACh 0x00000008 jnp 00007FB8F44FA2A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jns 00007FB8F44FA2C1h 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FB8F44FA2AFh 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 80AEFF second address: 80AF03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 80CD5E second address: 80CD62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 80CD62 second address: 80CD66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 80CEB5 second address: 80CF6B instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB8F44FA2A8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b sub dword ptr [ebp+12476CDCh], ecx 0x00000011 push dword ptr fs:[00000000h] 0x00000018 mov ebx, edx 0x0000001a mov dword ptr fs:[00000000h], esp 0x00000021 push 00000000h 0x00000023 push ecx 0x00000024 call 00007FB8F44FA2A8h 0x00000029 pop ecx 0x0000002a mov dword ptr [esp+04h], ecx 0x0000002e add dword ptr [esp+04h], 0000001Ah 0x00000036 inc ecx 0x00000037 push ecx 0x00000038 ret 0x00000039 pop ecx 0x0000003a ret 0x0000003b push ebx 0x0000003c movsx ebx, di 0x0000003f pop edi 0x00000040 mov eax, dword ptr [ebp+122D0695h] 0x00000046 jc 00007FB8F44FA2ACh 0x0000004c mov edi, dword ptr [ebp+122D2F3Bh] 0x00000052 push FFFFFFFFh 0x00000054 push 00000000h 0x00000056 push ebp 0x00000057 call 00007FB8F44FA2A8h 0x0000005c pop ebp 0x0000005d mov dword ptr [esp+04h], ebp 0x00000061 add dword ptr [esp+04h], 00000018h 0x00000069 inc ebp 0x0000006a push ebp 0x0000006b ret 0x0000006c pop ebp 0x0000006d ret 0x0000006e add edi, 198AED51h 0x00000074 nop 0x00000075 jno 00007FB8F44FA2CAh 0x0000007b push eax 0x0000007c push ecx 0x0000007d pushad 0x0000007e pushad 0x0000007f popad 0x00000080 push eax 0x00000081 push edx 0x00000082 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 80DE35 second address: 80DE3F instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB8F4BE3CECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 80FD6E second address: 80FD74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 810CDE second address: 810D50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a jmp 00007FB8F4BE3CF2h 0x0000000f push 00000000h 0x00000011 or dword ptr [ebp+122D2FD7h], esi 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push edi 0x0000001c call 00007FB8F4BE3CE8h 0x00000021 pop edi 0x00000022 mov dword ptr [esp+04h], edi 0x00000026 add dword ptr [esp+04h], 00000019h 0x0000002e inc edi 0x0000002f push edi 0x00000030 ret 0x00000031 pop edi 0x00000032 ret 0x00000033 xchg eax, esi 0x00000034 pushad 0x00000035 pushad 0x00000036 pushad 0x00000037 popad 0x00000038 jmp 00007FB8F4BE3CF6h 0x0000003d popad 0x0000003e jc 00007FB8F4BE3CE8h 0x00000044 push edi 0x00000045 pop edi 0x00000046 popad 0x00000047 push eax 0x00000048 push edi 0x00000049 push eax 0x0000004a push edx 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 810D50 second address: 810D54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 810D54 second address: 810D58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 811C96 second address: 811C9C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 811C9C second address: 811CE8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CEFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov bl, BAh 0x0000000e push 00000000h 0x00000010 mov di, 35DEh 0x00000014 jmp 00007FB8F4BE3CF3h 0x00000019 push 00000000h 0x0000001b movzx ebx, si 0x0000001e push eax 0x0000001f push eax 0x00000020 push edx 0x00000021 jp 00007FB8F4BE3CF3h 0x00000027 jmp 00007FB8F4BE3CEDh 0x0000002c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 811CE8 second address: 811CEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 811CEE second address: 811CF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 812D40 second address: 812D77 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007FB8F44FA2A8h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 00000014h 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 push 00000000h 0x00000025 cmc 0x00000026 push 00000000h 0x00000028 mov edi, dword ptr [ebp+122D22FFh] 0x0000002e xchg eax, esi 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 popad 0x00000035 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 812D77 second address: 812D7D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 811EB4 second address: 811EB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 810E77 second address: 810F2E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CEAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007FB8F4BE3CE8h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 0000001Bh 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 adc bx, AEE6h 0x0000002b push dword ptr fs:[00000000h] 0x00000032 push 00000000h 0x00000034 push edi 0x00000035 call 00007FB8F4BE3CE8h 0x0000003a pop edi 0x0000003b mov dword ptr [esp+04h], edi 0x0000003f add dword ptr [esp+04h], 0000001Bh 0x00000047 inc edi 0x00000048 push edi 0x00000049 ret 0x0000004a pop edi 0x0000004b ret 0x0000004c cld 0x0000004d jmp 00007FB8F4BE3CF2h 0x00000052 mov dword ptr fs:[00000000h], esp 0x00000059 mov dword ptr [ebp+122D5D06h], eax 0x0000005f mov eax, dword ptr [ebp+122D11E9h] 0x00000065 mov edi, dword ptr [ebp+122D1C42h] 0x0000006b push FFFFFFFFh 0x0000006d nop 0x0000006e jmp 00007FB8F4BE3CF6h 0x00000073 push eax 0x00000074 jc 00007FB8F4BE3CF2h 0x0000007a jnp 00007FB8F4BE3CECh 0x00000080 push eax 0x00000081 push edx 0x00000082 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 811EB8 second address: 811EBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 812EF7 second address: 812EFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 811EBE second address: 811F57 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F44FA2B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007FB8F44FA2AAh 0x00000011 push esi 0x00000012 pop esi 0x00000013 popad 0x00000014 pushad 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a popad 0x0000001b nop 0x0000001c mov bx, D6EFh 0x00000020 je 00007FB8F44FA2A8h 0x00000026 mov bl, al 0x00000028 push dword ptr fs:[00000000h] 0x0000002f push 00000000h 0x00000031 push eax 0x00000032 call 00007FB8F44FA2A8h 0x00000037 pop eax 0x00000038 mov dword ptr [esp+04h], eax 0x0000003c add dword ptr [esp+04h], 00000019h 0x00000044 inc eax 0x00000045 push eax 0x00000046 ret 0x00000047 pop eax 0x00000048 ret 0x00000049 xor dword ptr [ebp+122D31F7h], esi 0x0000004f mov dword ptr fs:[00000000h], esp 0x00000056 mov ebx, dword ptr [ebp+122D1C29h] 0x0000005c mov eax, dword ptr [ebp+122D12ADh] 0x00000062 mov dword ptr [ebp+122D1CBBh], ecx 0x00000068 push FFFFFFFFh 0x0000006a jmp 00007FB8F44FA2ABh 0x0000006f push eax 0x00000070 push eax 0x00000071 push edx 0x00000072 push eax 0x00000073 push edx 0x00000074 jno 00007FB8F44FA2A6h 0x0000007a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 811F57 second address: 811F5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 811F5B second address: 811F61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 811F61 second address: 811F66 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 814D94 second address: 814DFD instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB8F44FA2A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push eax 0x0000000f call 00007FB8F44FA2A8h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 add dword ptr [esp+04h], 00000019h 0x00000021 inc eax 0x00000022 push eax 0x00000023 ret 0x00000024 pop eax 0x00000025 ret 0x00000026 clc 0x00000027 push 00000000h 0x00000029 sub ebx, dword ptr [ebp+122D2DDFh] 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push edi 0x00000034 call 00007FB8F44FA2A8h 0x00000039 pop edi 0x0000003a mov dword ptr [esp+04h], edi 0x0000003e add dword ptr [esp+04h], 00000014h 0x00000046 inc edi 0x00000047 push edi 0x00000048 ret 0x00000049 pop edi 0x0000004a ret 0x0000004b xchg eax, esi 0x0000004c jnp 00007FB8F44FA2AEh 0x00000052 push eax 0x00000053 push ebx 0x00000054 push eax 0x00000055 push edx 0x00000056 push ebx 0x00000057 pop ebx 0x00000058 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 813EDE second address: 813F18 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CF8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FB8F4BE3CF7h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pop edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 813FE6 second address: 813FEB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 815F55 second address: 815FF3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CF6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b jmp 00007FB8F4BE3CF8h 0x00000010 push dword ptr fs:[00000000h] 0x00000017 mov edi, esi 0x00000019 mov dword ptr fs:[00000000h], esp 0x00000020 mov ebx, dword ptr [ebp+12467F1Eh] 0x00000026 mov eax, dword ptr [ebp+122D1359h] 0x0000002c push 00000000h 0x0000002e push ebx 0x0000002f call 00007FB8F4BE3CE8h 0x00000034 pop ebx 0x00000035 mov dword ptr [esp+04h], ebx 0x00000039 add dword ptr [esp+04h], 0000001Ch 0x00000041 inc ebx 0x00000042 push ebx 0x00000043 ret 0x00000044 pop ebx 0x00000045 ret 0x00000046 call 00007FB8F4BE3CEDh 0x0000004b mov ebx, dword ptr [ebp+122D1D39h] 0x00000051 pop edi 0x00000052 push FFFFFFFFh 0x00000054 mov ebx, 05E3975Bh 0x00000059 push eax 0x0000005a push eax 0x0000005b push edx 0x0000005c jnp 00007FB8F4BE3CECh 0x00000062 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 815FF3 second address: 815FF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 81F101 second address: 81F10D instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB8F4BE3CEEh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 81F10D second address: 81F11D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 jno 00007FB8F44FA2A6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 81F26E second address: 81F282 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB8F4BE3CE6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d jns 00007FB8F4BE3CE6h 0x00000013 pop esi 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 81F282 second address: 81F2B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB8F44FA2B8h 0x00000008 push eax 0x00000009 pop eax 0x0000000a jmp 00007FB8F44FA2ACh 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 81F2B5 second address: 81F2B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 81F2B9 second address: 81F2C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FB8F44FA2AEh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 824065 second address: 824069 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 824069 second address: 82406F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 829CD9 second address: 829CDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 829CDF second address: 829CE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 829CE3 second address: 829D02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB8F4BE3CF5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 829D02 second address: 829D18 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F44FA2AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82A58E second address: 82A594 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82A830 second address: 82A844 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F44FA2B0h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82A970 second address: 82A981 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FB8F4BE3CE6h 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82A981 second address: 82A995 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FB8F44FA2AAh 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82A995 second address: 82A999 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 831C63 second address: 831CAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FB8F44FA2B7h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007FB8F44FA2ADh 0x00000013 popad 0x00000014 pop esi 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 jmp 00007FB8F44FA2B7h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 831CAE second address: 831CBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FB8F4BE3CE6h 0x0000000a push edx 0x0000000b pop edx 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 830A23 second address: 830A56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FB8F44FA2A6h 0x0000000a push esi 0x0000000b jp 00007FB8F44FA2A6h 0x00000011 pushad 0x00000012 popad 0x00000013 pop esi 0x00000014 pushad 0x00000015 jnc 00007FB8F44FA2A6h 0x0000001b jmp 00007FB8F44FA2ADh 0x00000020 push ebx 0x00000021 pop ebx 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 jnl 00007FB8F44FA2A6h 0x0000002b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 830CCB second address: 830CCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 831108 second address: 831126 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007FB8F44FA2B8h 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 831126 second address: 83112A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 831568 second address: 83156C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83156C second address: 8315AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB8F4BE3CEEh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007FB8F4BE3CF6h 0x00000011 jmp 00007FB8F4BE3CF1h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 834965 second address: 83496B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83496B second address: 83496F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7C6143 second address: 7C6147 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 839FD3 second address: 839FD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 839FD9 second address: 839FDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 839FDD second address: 83A012 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FB8F4BE3CF8h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FB8F4BE3CF7h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 805426 second address: 80542C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 80542C second address: 805448 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 pop ebx 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FB8F4BE3CEFh 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 805839 second address: 805863 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jns 00007FB8F44FA2A6h 0x0000000d push esi 0x0000000e pop esi 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 jmp 00007FB8F44FA2ABh 0x00000017 mov eax, dword ptr [esp+04h] 0x0000001b pushad 0x0000001c jg 00007FB8F44FA2ACh 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 805863 second address: 80589E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FB8F4BE3CE8h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d mov eax, dword ptr [eax] 0x0000000f jmp 00007FB8F4BE3CEDh 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FB8F4BE3CF9h 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 80589E second address: 805900 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jo 00007FB8F44FA2A6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop eax 0x0000000f xor ch, FFFFFFD9h 0x00000012 call 00007FB8F44FA2A9h 0x00000017 push esi 0x00000018 jmp 00007FB8F44FA2B5h 0x0000001d pop esi 0x0000001e push eax 0x0000001f jne 00007FB8F44FA2B2h 0x00000025 mov eax, dword ptr [esp+04h] 0x00000029 push esi 0x0000002a pushad 0x0000002b jmp 00007FB8F44FA2B5h 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 805900 second address: 805911 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 mov eax, dword ptr [eax] 0x00000008 jo 00007FB8F4BE3CEEh 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 805911 second address: 805938 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 mov dword ptr [esp+04h], eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007FB8F44FA2B8h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 805A29 second address: 805A60 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB8F4BE3CE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jl 00007FB8F4BE3CE6h 0x00000011 jmp 00007FB8F4BE3CEBh 0x00000016 popad 0x00000017 popad 0x00000018 push eax 0x00000019 pushad 0x0000001a jmp 00007FB8F4BE3CF3h 0x0000001f push eax 0x00000020 push edx 0x00000021 push ebx 0x00000022 pop ebx 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 805A8F second address: 805ACC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop ecx 0x00000006 mov dword ptr [esp], esi 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007FB8F44FA2A8h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 00000014h 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 mov dword ptr [ebp+1247686Fh], edx 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007FB8F44FA2AFh 0x00000031 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8061F4 second address: 80620D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 pushad 0x00000007 jmp 00007FB8F4BE3CEFh 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8063BB second address: 8063C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83922A second address: 839233 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 839233 second address: 839237 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8393BA second address: 8393C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8393C0 second address: 8393C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8393C4 second address: 8393C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8393C8 second address: 8393F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jnp 00007FB8F44FA2A6h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pop ebx 0x00000010 push ebx 0x00000011 push edi 0x00000012 pop edi 0x00000013 push edi 0x00000014 pop edi 0x00000015 pop ebx 0x00000016 popad 0x00000017 push edi 0x00000018 push edi 0x00000019 jmp 00007FB8F44FA2ACh 0x0000001e push esi 0x0000001f pop esi 0x00000020 pop edi 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8393F4 second address: 8393F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8393F8 second address: 8393FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8393FC second address: 839402 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 839559 second address: 83955F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83955F second address: 83956A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83956A second address: 83956F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8396CA second address: 8396DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB8F4BE3CEDh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8396DB second address: 8396ED instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB8F44FA2A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8398B0 second address: 8398B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8398B6 second address: 8398BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BF3DE second address: 7BF3E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BF3E4 second address: 7BF3E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BF3E8 second address: 7BF410 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB8F4BE3CF1h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FB8F4BE3CF1h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7BF410 second address: 7BF415 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83F3FF second address: 83F403 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83F403 second address: 83F407 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83FBCC second address: 83FBEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jno 00007FB8F4BE3CE6h 0x0000000c jmp 00007FB8F4BE3CEFh 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83FBEA second address: 83FC06 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB8F44FA2B7h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83FC06 second address: 83FC13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007FB8F4BE3CE6h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83FC13 second address: 83FC17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83FD7B second address: 83FD8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 push ebx 0x00000008 jnp 00007FB8F4BE3CE6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83FD8B second address: 83FD90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83FD90 second address: 83FDAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007FB8F4BE3CF4h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83FDAB second address: 83FDB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edi 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83FF06 second address: 83FF23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB8F4BE3CF4h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83FF23 second address: 83FF29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83FF29 second address: 83FF2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83FF2D second address: 83FF33 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83FF33 second address: 83FF39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83FF39 second address: 83FF43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FB8F44FA2A6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83FF43 second address: 83FF5D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CF2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8400A3 second address: 8400A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8400A9 second address: 8400E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnc 00007FB8F4BE3CF6h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB8F4BE3CF8h 0x00000013 push eax 0x00000014 push edx 0x00000015 jnp 00007FB8F4BE3CE6h 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8400E7 second address: 840104 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F44FA2B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84028C second address: 8402A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jns 00007FB8F4BE3CE6h 0x0000000b jnl 00007FB8F4BE3CE6h 0x00000011 popad 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 840814 second address: 84081C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84081C second address: 840820 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 840820 second address: 840832 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007FB8F44FA2A8h 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 844018 second address: 844021 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84645D second address: 846467 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB8F44FA2ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8460B5 second address: 8460C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB8F4BE3CEEh 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8460C9 second address: 8460CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8460CF second address: 8460E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CF5h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8460E8 second address: 846107 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jc 00007FB8F44FA2A6h 0x0000000d pop edi 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 jmp 00007FB8F44FA2ABh 0x00000018 pop eax 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 848E63 second address: 848E86 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CEDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jng 00007FB8F4BE3CE6h 0x00000010 jp 00007FB8F4BE3CE6h 0x00000016 popad 0x00000017 push ebx 0x00000018 push edi 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 848E86 second address: 848E8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8492AB second address: 8492AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84D290 second address: 84D2A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB8F44FA2AFh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84CFD0 second address: 84CFDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jbe 00007FB8F4BE3CECh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84CFDF second address: 84CFE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 851260 second address: 85127B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007FB8F4BE3CF4h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85127B second address: 851281 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 851281 second address: 851285 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 851285 second address: 851289 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 850666 second address: 85067A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CEEh 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85067A second address: 8506A1 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB8F44FA2BAh 0x00000008 jmp 00007FB8F44FA2B4h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 jbe 00007FB8F44FA2A6h 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8506A1 second address: 8506C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CF2h 0x00000007 jg 00007FB8F4BE3CE6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 850818 second address: 85081C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85081C second address: 85083C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB8F4BE3CEDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FB8F4BE3CEDh 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85083C second address: 850846 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FB8F44FA2A6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 850B59 second address: 850B65 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 850B65 second address: 850BA2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007FB8F44FA2B6h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FB8F44FA2B4h 0x00000012 jmp 00007FB8F44FA2ABh 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 850E28 second address: 850E39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jne 00007FB8F4BE3CE6h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 850E39 second address: 850E4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jl 00007FB8F44FA2A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ebx 0x0000000d pushad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 850E4A second address: 850E58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FB8F4BE3CE6h 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85656E second address: 856577 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 856577 second address: 85658B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB8F4BE3CECh 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8569BE second address: 8569D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F44FA2B4h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8569D6 second address: 856A03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FB8F4BE3CF0h 0x0000000c jmp 00007FB8F4BE3CF4h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 805FCF second address: 805FEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB8F44FA2B9h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 805FEC second address: 806084 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CEDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov dword ptr [ebp+1245CE90h], eax 0x00000014 mov ebx, dword ptr [ebp+12485145h] 0x0000001a push 00000000h 0x0000001c push edx 0x0000001d call 00007FB8F4BE3CE8h 0x00000022 pop edx 0x00000023 mov dword ptr [esp+04h], edx 0x00000027 add dword ptr [esp+04h], 0000001Ch 0x0000002f inc edx 0x00000030 push edx 0x00000031 ret 0x00000032 pop edx 0x00000033 ret 0x00000034 jmp 00007FB8F4BE3CF4h 0x00000039 sub dword ptr [ebp+122D3B87h], edi 0x0000003f add eax, ebx 0x00000041 push 00000000h 0x00000043 push ebp 0x00000044 call 00007FB8F4BE3CE8h 0x00000049 pop ebp 0x0000004a mov dword ptr [esp+04h], ebp 0x0000004e add dword ptr [esp+04h], 00000019h 0x00000056 inc ebp 0x00000057 push ebp 0x00000058 ret 0x00000059 pop ebp 0x0000005a ret 0x0000005b nop 0x0000005c ja 00007FB8F4BE3CEEh 0x00000062 push eax 0x00000063 pushad 0x00000064 push eax 0x00000065 push edx 0x00000066 pushad 0x00000067 popad 0x00000068 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 806084 second address: 806097 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F44FA2ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 806097 second address: 8060DC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 add edx, dword ptr [ebp+122D2C97h] 0x0000000e sub ecx, dword ptr [ebp+122D2C9Fh] 0x00000014 push 00000004h 0x00000016 push 00000000h 0x00000018 push ebx 0x00000019 call 00007FB8F4BE3CE8h 0x0000001e pop ebx 0x0000001f mov dword ptr [esp+04h], ebx 0x00000023 add dword ptr [esp+04h], 00000017h 0x0000002b inc ebx 0x0000002c push ebx 0x0000002d ret 0x0000002e pop ebx 0x0000002f ret 0x00000030 jne 00007FB8F4BE3CEBh 0x00000036 push eax 0x00000037 pushad 0x00000038 push eax 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8060DC second address: 8060E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 856CBB second address: 856CBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 856CBF second address: 856CD6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F44FA2B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 856CD6 second address: 856CE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FB8F4BE3CE6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 856CE2 second address: 856CE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 856E71 second address: 856E75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 856E75 second address: 856EB8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007FB8F44FA2ADh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e jnp 00007FB8F44FA2B4h 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FB8F44FA2B7h 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 856EB8 second address: 856EBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 856EBC second address: 856EC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 857838 second address: 85783C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85783C second address: 857840 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85F723 second address: 85F73F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CF8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85FD1E second address: 85FD24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85FD24 second address: 85FD29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85FD29 second address: 85FD5C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jg 00007FB8F44FA2A6h 0x00000009 jmp 00007FB8F44FA2AEh 0x0000000e pop edx 0x0000000f push ebx 0x00000010 jng 00007FB8F44FA2A6h 0x00000016 pop ebx 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FB8F44FA2AEh 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85FD5C second address: 85FD75 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FB8F4BE3CEFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85FD75 second address: 85FD7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85FD7B second address: 85FD7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85FD7F second address: 85FD98 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB8F44FA2A6h 0x00000008 jnp 00007FB8F44FA2A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edi 0x00000011 pushad 0x00000012 popad 0x00000013 push edi 0x00000014 pop edi 0x00000015 pop edi 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85FD98 second address: 85FD9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 860045 second address: 860049 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 860049 second address: 860064 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnp 00007FB8F4BE3CE6h 0x0000000d jmp 00007FB8F4BE3CEAh 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 860339 second address: 860349 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FB8F44FA2A6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 860349 second address: 86034E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86034E second address: 860366 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FB8F44FA2BAh 0x00000008 jmp 00007FB8F44FA2AEh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 860C38 second address: 860C49 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CEDh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86620D second address: 866213 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 866213 second address: 866217 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 866217 second address: 86621B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86621B second address: 866227 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 866227 second address: 86625F instructions: 0x00000000 rdtsc 0x00000002 je 00007FB8F44FA2A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push edx 0x0000000f pop edx 0x00000010 jmp 00007FB8F44FA2AAh 0x00000015 popad 0x00000016 jmp 00007FB8F44FA2B3h 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f jg 00007FB8F44FA2A6h 0x00000025 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86625F second address: 866269 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FB8F4BE3CE6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 869426 second address: 869474 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F44FA2ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jng 00007FB8F44FA2C0h 0x00000010 push eax 0x00000011 push edx 0x00000012 jl 00007FB8F44FA2A6h 0x00000018 jmp 00007FB8F44FA2B4h 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 869474 second address: 86947A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 869726 second address: 86972A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86972A second address: 86973C instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB8F4BE3CE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86973C second address: 869740 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 869740 second address: 86977E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FB8F4BE3CF7h 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FB8F4BE3CEEh 0x00000015 jne 00007FB8F4BE3CEEh 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86977E second address: 86979A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB8F44FA2ADh 0x00000008 jmp 00007FB8F44FA2AAh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86995D second address: 869962 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 869962 second address: 869968 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 869BED second address: 869C04 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CF3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 869C04 second address: 869C21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB8F44FA2B9h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86A03B second address: 86A05B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FB8F4BE3CE6h 0x00000009 jmp 00007FB8F4BE3CF5h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 872064 second address: 872074 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB8F44FA2A6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 872074 second address: 872078 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 872078 second address: 87207E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87207E second address: 872089 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 872089 second address: 8720BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007FB8F44FA2A6h 0x0000000c popad 0x0000000d jmp 00007FB8F44FA2B6h 0x00000012 pushad 0x00000013 jmp 00007FB8F44FA2ACh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87013A second address: 87013E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 870B1E second address: 870B22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 870C54 second address: 870C69 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB8F4BE3CE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FB8F4BE3CEBh 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 871E9F second address: 871EA5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 871EA5 second address: 871EAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 871EAB second address: 871EAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 871EAF second address: 871EC2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CEFh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 871EC2 second address: 871EDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB8F44FA2ABh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jne 00007FB8F44FA2C6h 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 871EDF second address: 871EEA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 871EEA second address: 871EF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86FD01 second address: 86FD0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86FD0A second address: 86FD10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86FD10 second address: 86FD14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8753BB second address: 8753DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB8F44FA2B6h 0x00000009 jc 00007FB8F44FA2A6h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8753DE second address: 8753EC instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB8F4BE3CE8h 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8753EC second address: 8753F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8753F2 second address: 875404 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CEEh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8791BD second address: 8791C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87C40C second address: 87C455 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pop edx 0x00000005 jmp 00007FB8F4BE3CF5h 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 jmp 00007FB8F4BE3CEDh 0x00000017 popad 0x00000018 pushad 0x00000019 jmp 00007FB8F4BE3CEFh 0x0000001e push ebx 0x0000001f pop ebx 0x00000020 jo 00007FB8F4BE3CE6h 0x00000026 popad 0x00000027 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87BFFC second address: 87C01D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F44FA2B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87C01D second address: 87C023 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87C023 second address: 87C027 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87DB70 second address: 87DB76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87DB76 second address: 87DB7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88AF3A second address: 88AF5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 jmp 00007FB8F4BE3CF5h 0x0000000c pop edi 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88AF5E second address: 88AF76 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F44FA2B4h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88AF76 second address: 88AF81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88AF81 second address: 88AFB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FB8F44FA2A6h 0x0000000a popad 0x0000000b push ebx 0x0000000c pushad 0x0000000d popad 0x0000000e pop ebx 0x0000000f pushad 0x00000010 jmp 00007FB8F44FA2AEh 0x00000015 jmp 00007FB8F44FA2AFh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B89A7 second address: 7B89B0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7B89B0 second address: 7B89BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 897200 second address: 89723E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB8F4BE3CF9h 0x0000000b pushad 0x0000000c jbe 00007FB8F4BE3CE6h 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007FB8F4BE3CF4h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 89723E second address: 897253 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jg 00007FB8F44FA2A6h 0x0000000e popad 0x0000000f popad 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 pop edi 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 89EDC9 second address: 89EDCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 89EDCD second address: 89EDD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 89EDD5 second address: 89EDFA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CF3h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FB8F4BE3CECh 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 89EDFA second address: 89EE0C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F44FA2AEh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A5E27 second address: 8A5E2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A5E2B second address: 8A5E3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jne 00007FB8F44FA2A6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A5E3A second address: 8A5E43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A5E43 second address: 8A5E47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A5FC6 second address: 8A5FF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FB8F4BE3CE6h 0x0000000a push edi 0x0000000b jmp 00007FB8F4BE3CF9h 0x00000010 pushad 0x00000011 popad 0x00000012 pop edi 0x00000013 push ecx 0x00000014 push edi 0x00000015 pop edi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A6132 second address: 8A617A instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB8F44FA2A6h 0x00000008 jmp 00007FB8F44FA2B7h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FB8F44FA2B4h 0x00000017 jmp 00007FB8F44FA2B0h 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A617A second address: 8A617F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A617F second address: 8A619E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB8F44FA2B3h 0x00000009 jno 00007FB8F44FA2A6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A62D4 second address: 8A62D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A62D8 second address: 8A6311 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop ecx 0x0000000c jmp 00007FB8F44FA2B8h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FB8F44FA2B2h 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A6311 second address: 8A631B instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB8F4BE3CECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A6450 second address: 8A6458 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A66E1 second address: 8A66F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CEFh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A66F5 second address: 8A66FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AAE78 second address: 8AAE8E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CF2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BD992 second address: 8BD997 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BD997 second address: 8BD9A1 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB8F4BE3CF2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BD9A1 second address: 8BD9A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BD9A7 second address: 8BD9CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 ja 00007FB8F4BE3CE6h 0x0000000b pop esi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FB8F4BE3CF6h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BD9CD second address: 8BD9D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jbe 00007FB8F44FA2A6h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CB766 second address: 8CB76A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E48CD second address: 8E48E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB8F44FA2B3h 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E48E6 second address: 8E48EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E48EE second address: 8E48F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E48F2 second address: 8E4904 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB8F4BE3CE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push edi 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E386E second address: 8E3874 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E3874 second address: 8E387A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E3B31 second address: 8E3B50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007FB8F44FA2B8h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E3B50 second address: 8E3B55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E42B1 second address: 8E42B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E42B7 second address: 8E42C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jng 00007FB8F4BE3CE6h 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E7947 second address: 8E794C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E794C second address: 8E7977 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F4BE3CEFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007FB8F4BE3CF3h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E7977 second address: 8E799E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push esi 0x00000007 pop esi 0x00000008 pop ebx 0x00000009 popad 0x0000000a nop 0x0000000b mov edx, ecx 0x0000000d push dword ptr [ebp+122D23FBh] 0x00000013 mov edx, 1CCA94A3h 0x00000018 push A9CF9031h 0x0000001d jl 00007FB8F44FA2B0h 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 pop eax 0x00000027 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E8C60 second address: 8E8C6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007FB8F4BE3CE6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E8C6F second address: 8E8C73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E8C73 second address: 8E8C93 instructions: 0x00000000 rdtsc 0x00000002 je 00007FB8F4BE3CE6h 0x00000008 jmp 00007FB8F4BE3CF6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8EA8B7 second address: 8EA8C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8EA8C0 second address: 8EA8C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8EA8C6 second address: 8EA8D4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007FB8F44FA2A6h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8EA8D4 second address: 8EA8D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8EA8D8 second address: 8EA8E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8EA8E3 second address: 8EA8FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FB8F4BE3CEEh 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8EA8FB second address: 8EA90B instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB8F44FA2AAh 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8EA4AB second address: 8EA4B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8EC539 second address: 8EC542 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5420BE0 second address: 5420BE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5420BE4 second address: 5420BE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5420BE8 second address: 5420BEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5420BEE second address: 5420C29 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F44FA2ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, dword ptr [eax+00000FDCh] 0x0000000f jmp 00007FB8F44FA2AEh 0x00000014 test ecx, ecx 0x00000016 pushad 0x00000017 mov dh, al 0x00000019 push edx 0x0000001a push eax 0x0000001b pop edx 0x0000001c pop eax 0x0000001d popad 0x0000001e jns 00007FB8F44FA30Dh 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5420C29 second address: 5420C2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5420C2D second address: 5420C31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5420C31 second address: 5420C37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5420C37 second address: 5420C96 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB8F44FA2B5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add eax, ecx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FB8F44FA2ACh 0x00000012 adc cx, C548h 0x00000017 jmp 00007FB8F44FA2ABh 0x0000001c popfd 0x0000001d jmp 00007FB8F44FA2B8h 0x00000022 popad 0x00000023 mov eax, dword ptr [eax+00000860h] 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5420C96 second address: 5420C9C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5420C9C second address: 5420CEC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, al 0x00000005 pushfd 0x00000006 jmp 00007FB8F44FA2B7h 0x0000000b and si, 359Eh 0x00000010 jmp 00007FB8F44FA2B9h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 test eax, eax 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FB8F44FA2ADh 0x00000022 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5420CEC second address: 5420D1A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB8F4BE3CF7h 0x00000008 mov ecx, 27C6EC3Fh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 je 00007FB965239D37h 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 push ecx 0x0000001a pop edx 0x0000001b popad 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5420D1A second address: 5420D20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5420D20 second address: 5420D24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5420D24 second address: 5420D28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5420D28 second address: 5420D3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test byte ptr [eax+04h], 00000005h 0x0000000c pushad 0x0000000d mov ecx, ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 pop ecx 0x00000013 rdtsc
    Tries to evade debugger and weak emulator (self modifying code)
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 653E4A instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 7F3B4D instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 6512D2 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 805485 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 2132Thread sleep time: -30000s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 2748Thread sleep time: -30000s >= -30000sJump to behavior
    Source: file.exeBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: file.exeBinary or memory string: u\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: file.exe, 00000000.00000002.2080657544.00000000015E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080845177.0000000001625000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: file.exe, 00000000.00000002.2080657544.00000000015AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWhlb
    Source: file.exe, 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Hides threads from debuggers
    Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
    Tries to detect sandboxes and other dynamic analysis tools (window names)
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00635BB0 LdrInitializeThunk,0_2_00635BB0

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: file.exeString found in binary or memory: clearancek.site
    Source: file.exeString found in binary or memory: licendfilteo.site
    Source: file.exeString found in binary or memory: spirittunek.store
    Source: file.exeString found in binary or memory: bathdoomgaz.store
    Source: file.exeString found in binary or memory: studennotediw.store
    Source: file.exeString found in binary or memory: dissapoiznw.store
    Source: file.exeString found in binary or memory: eaglepawnoy.store
    Source: file.exeString found in binary or memory: mobbipenju.store
    Source: file.exe, file.exe, 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: GProgram Manager
    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
    Command and Scripting Interpreter    		1
    DLL Side-Loading    		1
    Process Injection    		24
    Virtualization/Sandbox Evasion    		OS Credential Dumping631
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts1
    PowerShell    		Boot or Logon Initialization Scripts1
    DLL Side-Loading    		1
    Process Injection    		LSASS Memory24
    Virtualization/Sandbox Evasion    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager2
    Process Discovery    		SMB/Windows Admin SharesData from Network Shared Drive2
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
    Obfuscated Files or Information    		NTDS23
    System Information Discovery    		Distributed Component Object ModelInput Capture113
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
    Software Packing    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    file.exe100%AviraTR/Crypt.TPM.Gen
    file.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    SourceDetectionScannerLabelLink
    steamcommunity.com0%VirustotalBrowse
    eaglepawnoy.store21%VirustotalBrowse
    licendfilteo.site19%VirustotalBrowse
    spirittunek.store22%VirustotalBrowse

    URLs

    SourceDetectionScannerLabelLink
    https://player.vimeo.com0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://recaptcha.net/recaptcha/;0%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://medal.tv0%URL Reputationsafe
    https://broadcast.st.dl.eccdnx.com0%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://login.steampowered.com/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe
    https://steam.tv/0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://recaptcha.net0%URL Reputationsafe
    https://store.steampowered.com/0%URL Reputationsafe
    https://lv.queniujq.cn0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620160%URL Reputationsafe
    https://checkout.steampowered.com/0%URL Reputationsafe
    https://help.steampowered.com/0%URL Reputationsafe
    https://api.steampowered.com/0%URL Reputationsafe
    http://store.steampowered.com/account/cookiepreferences/0%URL Reputationsafe
    https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://store.steampowered.com/mobile0%URL Reputationsafe
    https://store.steampowered.com/;0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truetrueunknown
    eaglepawnoy.store
    		unknown
    		unknowntrueunknown
    bathdoomgaz.store
    		unknown
    		unknowntrue
      		unknown
      spirittunek.store
      		unknown
      		unknowntrueunknown
      licendfilteo.site
      		unknown
      		unknowntrueunknown
      studennotediw.store
      		unknown
      		unknowntrue
        		unknown
        mobbipenju.store
        		unknown
        		unknowntrue
          		unknown
          clearancek.site
          		unknown
          		unknowntrue
            		unknown
            dissapoiznw.store
            		unknown
            		unknowntrue
              		unknown

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              bathdoomgaz.storetrue
                		unknown
                studennotediw.storetrue
                  		unknown
                  clearancek.sitetrue
                    		unknown
                    dissapoiznw.storetrue
                      		unknown
                      https://steamcommunity.com/profiles/76561199724331900true
                        		unknown
                        spirittunek.storetrue
                          		unknown
                          licendfilteo.sitetrue
                            		unknown
                            eaglepawnoy.storetrue
                              		unknown
                              mobbipenju.storetrue
                                		unknown

                                URLs from Memory and Binaries

                                NameSourceMaliciousAntivirus DetectionReputation
                                https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  https://player.vimeo.comfile.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		unknown
                                    https://steamcommunity.com/?subsection=broadcastsfile.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown
                                      https://help.steampowered.com/en/file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcVfile.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        https://steamcommunity.com/market/file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          https://store.steampowered.com/news/file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://www.gstatic.cn/recaptcha/file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2079403230.0000000001635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080864279.0000000001636000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=file.exe, 00000000.00000003.2079403230.0000000001635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080864279.0000000001636000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000003.2079403230.0000000001635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080864279.0000000001636000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuXfile.exe, 00000000.00000003.2079403230.0000000001635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080864279.0000000001636000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://recaptcha.net/recaptcha/;file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEfile.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  http://www.valvesoftware.com/legal.htmfile.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://steamcommunity.com/discussions/file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://www.youtube.comfile.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://www.google.comfile.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://spirittunek.store/apifile.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080845177.0000000001625000.00000004.00000020.00020000.00000000.sdmptrue
                                                          		unknown
                                                          https://store.steampowered.com/stats/file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&amp;l=englisfile.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://studennotediw.store/apiNfile.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080845177.0000000001625000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://medal.tvfile.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://broadcast.st.dl.eccdnx.comfile.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&ampfile.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?vfile.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pfile.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackfile.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      https://steamcommunity.com/?file.exe, 00000000.00000002.2080657544.0000000001603000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://s.ytimg.com;file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            https://steamcommunity.com/workshop/file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              https://login.steampowered.com/file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://store.steampowered.com/legal/file.exe, 00000000.00000003.2079403230.0000000001635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080864279.0000000001636000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://steam.tv/file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://licendfilteo.site/apifile.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080845177.0000000001625000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                		unknown
                                                                                https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&amp;l=englfile.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&amp;l=file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BXfile.exe, 00000000.00000003.2079403230.0000000001635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080864279.0000000001636000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&amp;file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&amp;l=english&amfile.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          http://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2079403230.0000000001635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080864279.0000000001636000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&amp;l=englifile.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              https://steamcommunity.com/ifile.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080845177.0000000001625000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                https://store.steampowered.com/points/shop/file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                https://recaptcha.netfile.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                https://store.steampowered.com/file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                https://clearancek.site/apifile.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080845177.0000000001625000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		unknown
                                                                                                  https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&amp;l=efile.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		unknown
                                                                                                    https://steamcommunity.com/profiles/76561199724331900_file.exe, 00000000.00000002.2080657544.0000000001603000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		unknown
                                                                                                      https://steamcommunity.comfile.exe, 00000000.00000003.2079403230.0000000001635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080864279.0000000001636000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&amp;file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		unknown
                                                                                                          https://sketchfab.comfile.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		unknown
                                                                                                            https://lv.queniujq.cnfile.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            		unknown
                                                                                                            https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C42cb6563c5fec81file.exe, 00000000.00000002.2080879047.0000000001639000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		unknown
                                                                                                              https://www.youtube.com/file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		unknown
                                                                                                                http://127.0.0.1:27060file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		unknown
                                                                                                                  https://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		unknown
                                                                                                                    https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngfile.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000000.00000003.2079403230.0000000001635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080864279.0000000001636000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		unknown
                                                                                                                      https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      https://www.google.com/recaptcha/file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		unknown
                                                                                                                        https://checkout.steampowered.com/file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        https://help.steampowered.com/file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        https://api.steampowered.com/file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28bfile.exe, 00000000.00000003.2079403230.0000000001635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079384058.0000000001624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080864279.0000000001636000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          http://store.steampowered.com/account/cookiepreferences/file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079212959.0000000001674000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          		unknown
                                                                                                                          https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          		unknown
                                                                                                                          https://store.steampowered.com/mobilefile.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          		unknown
                                                                                                                          https://steamcommunity.com/file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		unknown
                                                                                                                            https://store.steampowered.com/;file.exe, 00000000.00000002.2080879047.0000000001639000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2080894732.0000000001641000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079354374.0000000001641000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            		unknown
                                                                                                                            https://store.steampowered.com/about/file.exe, 00000000.00000003.2079212959.000000000167A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            		unknown
                                                                                                                            https://community.cloudflare.steamstatic.com/file.exe, 00000000.00000003.2079286183.0000000001638000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		unknown

                                                                                                                              World Map of Contacted IPs

                                                                                                                              • No. of IPs < 25%
                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                              • 75% < No. of IPs

                                                                                                                              Public IPs

                                                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                                                              104.102.49.254
                                                                                                                              		steamcommunity.comUnited States
                                                                                                                              		16625AKAMAI-ASUStrue

                                                                                                                              General Information

                                                                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                                                                              Analysis ID:1541754
                                                                                                                              Start date and time:2024-10-25 05:20:07 +02:00
                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                              Overall analysis duration:0h 2m 49s
                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                              Report type:full
                                                                                                                              Cookbook file name:default.jbs
                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                              Number of analysed new started processes analysed:2
                                                                                                                              Number of new started drivers analysed:0
                                                                                                                              Number of existing processes analysed:0
                                                                                                                              Number of existing drivers analysed:0
                                                                                                                              Number of injected processes analysed:0
                                                                                                                              Technologies:
                                                                                                                              • HCA enabled
                                                                                                                              • EGA enabled
                                                                                                                              • AMSI enabled
                                                                                                                              Analysis Mode:default
                                                                                                                              Analysis stop reason:Timeout
                                                                                                                              Sample name:file.exe
                                                                                                                              Detection:MAL
                                                                                                                              Classification:mal100.troj.evad.winEXE@1/0@9/1
                                                                                                                              EGA Information:
                                                                                                                              • Successful, ratio: 100%
                                                                                                                              HCA Information:Failed
                                                                                                                              Cookbook Comments:
                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                              • Stop behavior analysis, all processes terminated

                                                                                                                              Warnings

                                                                                                                              • Exclude process from analysis (whitelisted): dllhost.exe
                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                              Simulations

                                                                                                                              Behavior and APIs

                                                                                                                              TimeTypeDescription
                                                                                                                              23:21:03API Interceptor3x Sleep call for process: file.exe modified

                                                                                                                              Joe Sandbox View / Context

                                                                                                                              IPs

                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                              104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                                              • www.valvesoftware.com/legal.htm

                                                                                                                              Domains

                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                              steamcommunity.comfile.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                              • 104.102.49.254

                                                                                                                              ASNs

                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                              AKAMAI-ASUSla.bot.sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                              • 23.210.87.183
                                                                                                                              la.bot.arm.elfGet hashmaliciousUnknownBrowse
                                                                                                                              • 104.72.132.62
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              http://toungeassociates-sharepoint.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                              • 23.38.98.114
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                              • 104.102.49.254

                                                                                                                              JA3 Fingerprints

                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                              a0e9f5d64349fb13191bc781f81f42e1Credit_Details2251397102400024.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              Pro_Inv_24102024_payment_confirmations_SWIFTFiles.xlsGet hashmaliciousUnknownBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              msvcp110.dllGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254

                                                                                                                              Dropped Files

                                                                                                                              No context

                                                                                                                              Created / dropped Files

                                                                                                                              No created / dropped files found

                                                                                                                              Static File Info

                                                                                                                              General

                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                              Entropy (8bit):6.541030053261975
                                                                                                                              TrID:
                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                              File name:file.exe
                                                                                                                              File size:2'944'000 bytes
                                                                                                                              MD5:4cc039ac299c83b717d9ca4cc319a298
                                                                                                                              SHA1:05b8fa480d1252e5decdfe29f74cc89111e6d445
                                                                                                                              SHA256:9d2a579421ad8b4777632bcfd2d713c19973fe0e7dfc0a3edfb4632085bb6052
                                                                                                                              SHA512:e3e9c1ad4013ffaeb1e511082f3b5eb5a1efe48c96b63feeaf44d9b1dfe277e60f698f139dd69496935456e5ba3d44718f71626864c3d7f6a7cff7208e4558b8
                                                                                                                              SSDEEP:49152:FXOSZtnFzrZqrveduj1CVG8qsC0g4P1YfumbOIZZGz:FXOSZtnFzov0uj1CVxFtg47mb9TG
                                                                                                                              TLSH:5DD549E1BA0976CFD48E16749437CE425D5E03A94B148AC3ED2DA4BE7DA3CC112B6C36
                                                                                                                              File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f.............................p0...........@...........................0.......-...@.................................W...k..

                                                                                                                              File Icon

                                                                                                                              Icon Hash:00928e8e8686b000

                                                                                                                              Static PE Info

                                                                                                                              General

                                                                                                                              Entrypoint:0x707000
                                                                                                                              Entrypoint Section:.taggant
                                                                                                                              Digitally signed:false
                                                                                                                              Imagebase:0x400000
                                                                                                                              Subsystem:windows gui
                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                              DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                              Time Stamp:0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
                                                                                                                              TLS Callbacks:
                                                                                                                              CLR (.Net) Version:
                                                                                                                              OS Version Major:6
                                                                                                                              OS Version Minor:0
                                                                                                                              File Version Major:6
                                                                                                                              File Version Minor:0
                                                                                                                              Subsystem Version Major:6
                                                                                                                              Subsystem Version Minor:0
                                                                                                                              Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                                                                              Entrypoint Preview

                                                                                                                              Instruction
                                                                                                                              jmp 00007FB8F46394CAh
                                                                                                                              bswap edx
                                                                                                                              sub al, 00h
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              jmp 00007FB8F463B4C5h
                                                                                                                              add byte ptr [0000000Ah], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], dh
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax+eax*4], cl
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              adc byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add eax, 0000000Ah
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], dh
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], ah
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [ecx], ah
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [ecx], al
                                                                                                                              add byte ptr [eax], 00000000h
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              adc byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add eax, 0000000Ah
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], dh
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add al, byte ptr [eax]
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [edi], al
                                                                                                                              add byte ptr [eax], 00000000h
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              adc byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add eax, 0000000Ah
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], dh
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], ch
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [ecx], al
                                                                                                                              add byte ptr [eax], 00000000h
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al

                                                                                                                              Data Directories

                                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x5f0570x6b.idata
                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x5f1f80x8.idata
                                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                              Sections

                                                                                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                              0x10000x5d0000x25e005632754d1660fe5e70e756119d739b83False0.9994778774752475data7.974999917793135IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                              .rsrc 0x5e0000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                              .idata 0x5f0000x10000x200fe72def8b74193a84232a780098a7ce0False0.150390625data1.04205214219471IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                              cfbkdpfd0x600000x2a60000x2a560026fdce661b9d3e19303e15e36ec598bbunknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                              hmwnthlj0x3060000x10000x400667d3dba3cafd999ee21daeafbc16c65False0.8447265625data6.39538981847405IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                              .taggant0x3070000x30000x2200d73231d0af09734e38fabbef43054c7eFalse0.06238511029411765DOS executable (COM)0.7815705668680434IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                              Imports

                                                                                                                              DLLImport
                                                                                                                              kernel32.dlllstrcpy

                                                                                                                              Network Behavior

                                                                                                                              Suricata IDS Alerts

                                                                                                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                              2024-10-25T05:21:03.481298+02002056471ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)1192.168.2.5542801.1.1.153UDP
                                                                                                                              2024-10-25T05:21:03.494084+02002056485ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)1192.168.2.5624181.1.1.153UDP
                                                                                                                              2024-10-25T05:21:03.505756+02002056483ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)1192.168.2.5564261.1.1.153UDP
                                                                                                                              2024-10-25T05:21:03.517507+02002056481ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)1192.168.2.5621261.1.1.153UDP
                                                                                                                              2024-10-25T05:21:03.528270+02002056479ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)1192.168.2.5595141.1.1.153UDP
                                                                                                                              2024-10-25T05:21:03.539369+02002056477ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)1192.168.2.5561471.1.1.153UDP
                                                                                                                              2024-10-25T05:21:03.551204+02002056475ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)1192.168.2.5508641.1.1.153UDP
                                                                                                                              2024-10-25T05:21:03.570002+02002056473ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)1192.168.2.5553341.1.1.153UDP
                                                                                                                              2024-10-25T05:21:05.056705+02002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.549704104.102.49.254443TCP

                                                                                                                              Network Port Distribution

                                                                                                                              TCP Packets

                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                              Oct 25, 2024 05:21:03.595208883 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 25, 2024 05:21:03.595295906 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:03.595455885 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 25, 2024 05:21:03.596498966 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 25, 2024 05:21:03.596534967 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:04.456173897 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:04.456429005 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 25, 2024 05:21:04.460618973 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 25, 2024 05:21:04.460673094 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:04.461110115 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:04.506625891 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 25, 2024 05:21:04.551366091 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:05.056685925 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:05.056723118 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:05.056768894 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:05.056793928 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:05.056827068 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:05.056895971 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 25, 2024 05:21:05.056895971 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 25, 2024 05:21:05.056895971 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 25, 2024 05:21:05.056895971 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 25, 2024 05:21:05.056895971 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 25, 2024 05:21:05.056967974 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:05.057060957 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 25, 2024 05:21:05.060029030 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:05.060072899 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:05.060113907 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:05.060252905 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 25, 2024 05:21:05.060252905 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 25, 2024 05:21:05.060254097 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 25, 2024 05:21:05.061547995 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 25, 2024 05:21:05.061594009 CEST44349704104.102.49.254192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:05.061626911 CEST49704443192.168.2.5104.102.49.254
                                                                                                                              Oct 25, 2024 05:21:05.061641932 CEST44349704104.102.49.254192.168.2.5

                                                                                                                              UDP Packets

                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                              Oct 25, 2024 05:21:03.481297970 CEST5428053192.168.2.51.1.1.1
                                                                                                                              Oct 25, 2024 05:21:03.490648031 CEST53542801.1.1.1192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:03.494083881 CEST6241853192.168.2.51.1.1.1
                                                                                                                              Oct 25, 2024 05:21:03.503601074 CEST53624181.1.1.1192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:03.505755901 CEST5642653192.168.2.51.1.1.1
                                                                                                                              Oct 25, 2024 05:21:03.515208960 CEST53564261.1.1.1192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:03.517507076 CEST6212653192.168.2.51.1.1.1
                                                                                                                              Oct 25, 2024 05:21:03.526118040 CEST53621261.1.1.1192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:03.528270006 CEST5951453192.168.2.51.1.1.1
                                                                                                                              Oct 25, 2024 05:21:03.537321091 CEST53595141.1.1.1192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:03.539369106 CEST5614753192.168.2.51.1.1.1
                                                                                                                              Oct 25, 2024 05:21:03.548862934 CEST53561471.1.1.1192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:03.551203966 CEST5086453192.168.2.51.1.1.1
                                                                                                                              Oct 25, 2024 05:21:03.567805052 CEST53508641.1.1.1192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:03.570002079 CEST5533453192.168.2.51.1.1.1
                                                                                                                              Oct 25, 2024 05:21:03.579183102 CEST53553341.1.1.1192.168.2.5
                                                                                                                              Oct 25, 2024 05:21:03.583084106 CEST6422853192.168.2.51.1.1.1
                                                                                                                              Oct 25, 2024 05:21:03.590295076 CEST53642281.1.1.1192.168.2.5

                                                                                                                              DNS Queries

                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                              Oct 25, 2024 05:21:03.481297970 CEST192.168.2.51.1.1.10x8069Standard query (0)clearancek.siteA (IP address)IN (0x0001)false
                                                                                                                              Oct 25, 2024 05:21:03.494083881 CEST192.168.2.51.1.1.10x8bfdStandard query (0)mobbipenju.storeA (IP address)IN (0x0001)false
                                                                                                                              Oct 25, 2024 05:21:03.505755901 CEST192.168.2.51.1.1.10x2014Standard query (0)eaglepawnoy.storeA (IP address)IN (0x0001)false
                                                                                                                              Oct 25, 2024 05:21:03.517507076 CEST192.168.2.51.1.1.10xdc42Standard query (0)dissapoiznw.storeA (IP address)IN (0x0001)false
                                                                                                                              Oct 25, 2024 05:21:03.528270006 CEST192.168.2.51.1.1.10xe632Standard query (0)studennotediw.storeA (IP address)IN (0x0001)false
                                                                                                                              Oct 25, 2024 05:21:03.539369106 CEST192.168.2.51.1.1.10x44f8Standard query (0)bathdoomgaz.storeA (IP address)IN (0x0001)false
                                                                                                                              Oct 25, 2024 05:21:03.551203966 CEST192.168.2.51.1.1.10x43b8Standard query (0)spirittunek.storeA (IP address)IN (0x0001)false
                                                                                                                              Oct 25, 2024 05:21:03.570002079 CEST192.168.2.51.1.1.10x262dStandard query (0)licendfilteo.siteA (IP address)IN (0x0001)false
                                                                                                                              Oct 25, 2024 05:21:03.583084106 CEST192.168.2.51.1.1.10x8703Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false

                                                                                                                              DNS Answers

                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                              Oct 25, 2024 05:21:03.490648031 CEST1.1.1.1192.168.2.50x8069Name error (3)clearancek.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 25, 2024 05:21:03.503601074 CEST1.1.1.1192.168.2.50x8bfdName error (3)mobbipenju.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 25, 2024 05:21:03.515208960 CEST1.1.1.1192.168.2.50x2014Name error (3)eaglepawnoy.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 25, 2024 05:21:03.526118040 CEST1.1.1.1192.168.2.50xdc42Name error (3)dissapoiznw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 25, 2024 05:21:03.537321091 CEST1.1.1.1192.168.2.50xe632Name error (3)studennotediw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 25, 2024 05:21:03.548862934 CEST1.1.1.1192.168.2.50x44f8Name error (3)bathdoomgaz.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 25, 2024 05:21:03.567805052 CEST1.1.1.1192.168.2.50x43b8Name error (3)spirittunek.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 25, 2024 05:21:03.579183102 CEST1.1.1.1192.168.2.50x262dName error (3)licendfilteo.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 25, 2024 05:21:03.590295076 CEST1.1.1.1192.168.2.50x8703No error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false

                                                                                                                              HTTP Request Dependency Graph

                                                                                                                              • steamcommunity.com

                                                                                                                              HTTPS Proxied Packets

                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              0192.168.2.549704104.102.49.2544434268C:\Users\user\Desktop\file.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-10-25 03:21:04 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                              Connection: Keep-Alive
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                              Host: steamcommunity.com
                                                                                                                              2024-10-25 03:21:05 UTC1917INHTTP/1.1 200 OK
                                                                                                                              Server: nginx
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                              Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Date: Fri, 25 Oct 2024 03:21:04 GMT
                                                                                                                              Content-Length: 26105
                                                                                                                              Connection: close
                                                                                                                              Set-Cookie: sessionid=7b4fd9d49ecb286094e89d59; Path=/; Secure; SameSite=None
                                                                                                                              Set-Cookie: steamCountry=US%7C42cb6563c5fec8103907e3e99aebe27b; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                              2024-10-25 03:21:05 UTC14467INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                              Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                              2024-10-25 03:21:05 UTC11638INData Raw: 22 3f 6c 3d 74 63 68 69 6e 65 73 65 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 63 68 69 6e 65 73 65 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e7 b9 81 e9 ab 94 e4 b8 ad e6 96 87 20 28 54 72 61 64 69 74 69 6f 6e 61 6c 20 43 68 69 6e 65 73 65 29 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 6a 61 70 61 6e 65 73 65 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6a 61 70 61 6e 65 73 65 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e6 97 a5 e6 9c ac e8 aa 9e 20 28 4a
                                                                                                                              Data Ascii: "?l=tchinese" onclick="ChangeLanguage( 'tchinese' ); return false;"> (Traditional Chinese)</a><a class="popup_menu_item tight" href="?l=japanese" onclick="ChangeLanguage( 'japanese' ); return false;"> (J


                                                                                                                              Statistics

                                                                                                                              CPU Usage

                                                                                                                              Click to jump to process

                                                                                                                              Memory Usage

                                                                                                                              Click to jump to process

                                                                                                                              High Level Behavior Distribution

                                                                                                                              Click to dive into process behavior distribution

                                                                                                                              System Behavior

                                                                                                                              General

                                                                                                                              Target ID:0
                                                                                                                              Start time:23:21:01
                                                                                                                              Start date:24/10/2024
                                                                                                                              Path:C:\Users\user\Desktop\file.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                              Imagebase:0x5f0000
                                                                                                                              File size:2'944'000 bytes
                                                                                                                              MD5 hash:4CC039AC299C83B717D9CA4CC319A298
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              Disassembly

                                                                                                                              Reset < >

                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:0.8%
                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                Signature Coverage:71.4%
                                                                                                                                Total number of Nodes:42
                                                                                                                                Total number of Limit Nodes:4
                                                                                                                                execution_graph 20958 633202 RtlAllocateHeap 20989 6399d0 20991 6399f5 20989->20991 20990 639b0e 20992 639a5f 20991->20992 20995 635bb0 LdrInitializeThunk 20991->20995 20992->20990 20996 635bb0 LdrInitializeThunk 20992->20996 20995->20992 20996->20990 20959 62d9cb 20961 62d9fb 20959->20961 20960 62da65 20961->20960 20963 635bb0 LdrInitializeThunk 20961->20963 20963->20961 20964 5fedb5 20966 5fedd0 20964->20966 20968 5ffca0 20966->20968 20971 5ffcdc 20968->20971 20969 5fef70 20971->20969 20972 633220 20971->20972 20973 6332a2 RtlFreeHeap 20972->20973 20974 633236 20972->20974 20975 6332ac 20972->20975 20973->20975 20974->20973 20975->20969 21002 6364b8 21004 6363f2 21002->21004 21003 63646e 21004->21003 21006 635bb0 LdrInitializeThunk 21004->21006 21006->21003 21007 60049b 21011 600227 21007->21011 21008 600455 21010 635700 2 API calls 21008->21010 21012 600308 21010->21012 21011->21008 21011->21012 21013 635700 21011->21013 21014 635797 21013->21014 21015 63571b 21013->21015 21017 63578c 21013->21017 21019 635729 21013->21019 21018 633220 RtlFreeHeap 21014->21018 21015->21014 21015->21017 21015->21019 21016 635776 RtlReAllocateHeap 21016->21017 21017->21008 21018->21017 21019->21016 20976 5fd110 20980 5fd119 20976->20980 20977 5fd2ee ExitProcess 20978 5fd2e9 20983 6356e0 FreeLibrary 20978->20983 20980->20977 20980->20978 20982 600b40 FreeLibrary 20980->20982 20982->20978 20983->20977

                                                                                                                                Executed Functions

                                                                                                                                Function 005FFCA0 Relevance: 5.4, Strings: 4, Instructions: 373COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 25 5ffca0-5ffcda 26 5ffcdc-5ffcdf 25->26 27 5ffd0b-5ffe22 25->27 28 5ffce0-5ffd09 call 602690 26->28 29 5ffe5b-5ffe8c 27->29 30 5ffe24 27->30 28->27 33 5ffe8e-5ffe8f 29->33 34 5ffeb6-5ffec5 call 600b50 29->34 32 5ffe30-5ffe59 call 602760 30->32 32->29 37 5ffe90-5ffeb4 call 602700 33->37 39 5ffeca-5ffecf 34->39 37->34 42 5ffed5-5ffef8 39->42 43 5fffe4-5fffe6 39->43 45 5fff2b-5fff2d 42->45 46 5ffefa 42->46 47 6001b1-6001bb 43->47 49 5fff30-5fff3a 45->49 48 5fff00-5fff29 call 6027e0 46->48 48->45 51 5fff3c-5fff3f 49->51 52 5fff41-5fff49 49->52 51->49 51->52 54 5fff4f-5fff76 52->54 55 6001a2-6001ad call 633220 52->55 57 5fffab-5fffb5 54->57 58 5fff78 54->58 55->47 59 5fffeb 57->59 60 5fffb7-5fffbb 57->60 62 5fff80-5fffa9 call 602840 58->62 64 5fffed-5fffef 59->64 63 5fffc7-5fffcb 60->63 62->57 66 60019a 63->66 67 5fffd1-5fffd8 63->67 64->66 68 5ffff5-60002c 64->68 66->55 70 5fffde 67->70 71 5fffda-5fffdc 67->71 72 60005b-600065 68->72 73 60002e-60002f 68->73 76 5fffc0-5fffc5 70->76 77 5fffe0-5fffe2 70->77 71->70 74 6000a4 72->74 75 600067-60006f 72->75 78 600030-600059 call 6028a0 73->78 80 6000a6-6000a8 74->80 79 600087-60008b 75->79 76->63 76->64 77->76 78->72 79->66 82 600091-600098 79->82 80->66 83 6000ae-6000c5 80->83 85 60009a-60009c 82->85 86 60009e 82->86 87 6000c7 83->87 88 6000fb-600102 83->88 85->86 89 600080-600085 86->89 90 6000a0-6000a2 86->90 91 6000d0-6000f9 call 602900 87->91 92 600130-60013c 88->92 93 600104-60010d 88->93 89->79 89->80 90->89 91->88 95 6001c2-6001c7 92->95 94 600117-60011b 93->94 94->66 97 60011d-600124 94->97 95->55 99 600126-600128 97->99 100 60012a 97->100 99->100 101 600110-600115 100->101 102 60012c-60012e 100->102 101->94 103 600141-600143 101->103 102->101 103->66 104 600145-60015b 103->104 104->95 105 60015d-60015f 104->105 106 600163-600166 105->106 107 600168-600188 call 602030 106->107 108 6001bc 106->108 111 600192-600198 107->111 112 60018a-600190 107->112 108->95 111->95 112->106 112->111
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: J|BJ$V$VY^_$t
                                                                                                                                • API String ID: 0-3701112211
                                                                                                                                • Opcode ID: 330903f682b97640759a1355a12909796d6e1ab9265ed8245cf5265bc233cce4
                                                                                                                                • Instruction ID: 64983a16d8a0cd7f645af7242f8bb9fca31b17b03126067d0503f5cc93459484
                                                                                                                                • Opcode Fuzzy Hash: 330903f682b97640759a1355a12909796d6e1ab9265ed8245cf5265bc233cce4
                                                                                                                                • Instruction Fuzzy Hash: 3AD177745483809BE318DF54849476FBBE2AF96748F18886CF5C98B392C336CD49DB92
                                                                                                                                Function 005FD110 Relevance: 1.7, APIs: 1, Instructions: 168COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 149 5fd110-5fd11b call 634cc0 152 5fd2ee-5fd2f6 ExitProcess 149->152 153 5fd121-5fd130 call 62c8d0 149->153 157 5fd2e9 call 6356e0 153->157 158 5fd136-5fd15f 153->158 157->152 162 5fd196-5fd1bf 158->162 163 5fd161 158->163 165 5fd1f6-5fd20c 162->165 166 5fd1c1 162->166 164 5fd170-5fd194 call 5fd300 163->164 164->162 169 5fd20e-5fd20f 165->169 170 5fd239-5fd23b 165->170 168 5fd1d0-5fd1f4 call 5fd370 166->168 168->165 175 5fd210-5fd237 call 5fd3e0 169->175 171 5fd23d-5fd25a 170->171 172 5fd286-5fd2aa 170->172 171->172 176 5fd25c-5fd25f 171->176 177 5fd2ac-5fd2af 172->177 178 5fd2d6 call 5fe8f0 172->178 175->170 181 5fd260-5fd284 call 5fd440 176->181 182 5fd2b0-5fd2d4 call 5fd490 177->182 187 5fd2db-5fd2dd 178->187 181->172 182->178 187->157 190 5fd2df-5fd2e4 call 602f10 call 600b40 187->190 190->157
                                                                                                                                APIs
                                                                                                                                • ExitProcess.KERNEL32(00000000), ref: 005FD2F1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExitProcess
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 621844428-0
                                                                                                                                • Opcode ID: b181cb51abe215423c3e5e36084648152689db4abb90402c0cf4abe2e8a77ec3
                                                                                                                                • Instruction ID: a838b1e2805a7ab952ee4b8e1b59e12d5ddf5ab53cb32bc08412e19b45111156
                                                                                                                                • Opcode Fuzzy Hash: b181cb51abe215423c3e5e36084648152689db4abb90402c0cf4abe2e8a77ec3
                                                                                                                                • Instruction Fuzzy Hash: BE41357450D344ABC701BB64D589A2EFFF6AF92744F148C0CE6C497252C33AD8149BAB
                                                                                                                                Function 00635700 Relevance: 1.6, APIs: 1, Instructions: 69memoryCOMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 194 635700-635714 195 6357b2 194->195 196 6357b0 194->196 197 635797-6357a5 call 633220 194->197 198 63571b-635722 194->198 199 635729-63574a 194->199 200 63578c-635795 call 6331a0 194->200 201 6357b4-6357b9 195->201 196->195 197->196 198->195 198->196 198->197 198->199 202 635776-63578a RtlReAllocateHeap 199->202 203 63574c-63574f 199->203 200->201 202->201 206 635750-635774 call 635b30 203->206 206->202
                                                                                                                                APIs
                                                                                                                                • RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 00635784
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocateHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                • Opcode ID: 1154c96bf34a9f6a05d0bafb2dbeca0214935dcab40117e17ee1271711cbacaf
                                                                                                                                • Instruction ID: 695ffd5bea619a99f6cfc4e347bcd3084155a1965a90f577ffe5077ff0508a6f
                                                                                                                                • Opcode Fuzzy Hash: 1154c96bf34a9f6a05d0bafb2dbeca0214935dcab40117e17ee1271711cbacaf
                                                                                                                                • Instruction Fuzzy Hash: 68119A7591C250EBC301AF28E940A1BBBF6EF96710F05882CE8C59B321D339D915CBA6
                                                                                                                                Function 00635BB0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 221 635bb0-635be2 LdrInitializeThunk
                                                                                                                                APIs
                                                                                                                                • LdrInitializeThunk.NTDLL(0063973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00635BDE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                                                                                • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                                                                                                Function 0063695B Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 250 63695b-63696b call 634a20 253 636981-636a02 250->253 254 63696d 250->254 255 636a36-636a42 253->255 256 636a04 253->256 257 636970-63697f 254->257 259 636a85-636a9f 255->259 260 636a44-636a4f 255->260 258 636a10-636a34 call 6373e0 256->258 257->253 257->257 258->255 262 636a50-636a57 260->262 264 636a60-636a66 262->264 265 636a59-636a5c 262->265 264->259 267 636a68-636a7d call 635bb0 264->267 265->262 266 636a5e 265->266 266->259 269 636a82 267->269 269->259
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @
                                                                                                                                • API String ID: 0-2766056989
                                                                                                                                • Opcode ID: 7fd86e1684c85c9c807a599d438f444411b6e5e58a871d187049d83a2f0d6529
                                                                                                                                • Instruction ID: af45d8324b638d1eba06ba8c13b4aba541a7d9f53d886482ca949db88314b1dc
                                                                                                                                • Opcode Fuzzy Hash: 7fd86e1684c85c9c807a599d438f444411b6e5e58a871d187049d83a2f0d6529
                                                                                                                                • Instruction Fuzzy Hash: 28318AB5518301AFD718EF14C8A076ABBF2EF85344F54982CF5C6973A1E7349904CB96
                                                                                                                                Function 0060049B Relevance: .3, Instructions: 264COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 270 60049b-600515 call 5fc9f0 274 600440-600458 call 635700 270->274 275 600480 270->275 276 600242-600244 270->276 277 600482-600484 270->277 278 600246-600260 270->278 279 600386-60038c 270->279 280 600227-60023b 270->280 281 600308-60030c 270->281 282 6003ec-6003f4 270->282 283 600370-60037e 270->283 284 6003d0-6003d7 270->284 285 600311-600320 270->285 286 600472-600477 270->286 287 600393-600397 270->287 288 600356 270->288 289 600417-600430 270->289 290 600339-60034f 270->290 291 60045b-600469 call 635700 270->291 292 6003fb-600414 270->292 293 60051c-60051e 270->293 294 6003be 270->294 295 6003de-6003e3 270->295 296 60035f-600367 270->296 274->291 297 600296-6002bd 276->297 302 60048d-600496 277->302 298 600262 278->298 299 600294 278->299 279->275 279->277 279->286 279->287 280->274 280->275 280->276 280->277 280->278 280->279 280->281 280->282 280->283 280->284 280->285 280->286 280->287 280->288 280->289 280->290 280->291 280->292 280->294 280->295 280->296 281->302 282->275 282->277 282->286 282->287 282->292 283->279 284->275 284->277 284->279 284->282 284->286 284->287 284->289 284->292 284->295 311 600327-600332 285->311 286->275 304 6003a0-6003b7 287->304 288->296 289->274 290->274 290->275 290->277 290->279 290->282 290->283 290->284 290->286 290->287 290->288 290->289 290->291 290->292 290->294 290->295 290->296 291->286 292->289 300 600520-600b30 293->300 294->284 295->282 296->283 306 6002ea-600301 297->306 307 6002bf 297->307 305 600270-600292 call 602eb0 298->305 299->297 302->300 304->274 304->275 304->277 304->279 304->282 304->284 304->286 304->287 304->289 304->291 304->292 304->294 304->295 305->299 306->274 306->275 306->277 306->279 306->281 306->282 306->283 306->284 306->285 306->286 306->287 306->288 306->289 306->290 306->291 306->292 306->294 306->295 306->296 316 6002c0-6002e8 call 602e70 307->316 311->274 311->275 311->277 311->279 311->282 311->283 311->284 311->286 311->287 311->288 311->289 311->290 311->291 311->292 311->294 311->295 311->296 316->306
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 96ad714d2f051726c3d009a52de5de0fff3c64b6026bca74fb7c85897416cc6f
                                                                                                                                • Instruction ID: 42b3deb35e260eb60b3c487a27167abb8245810e156725b7e776d735640fa7c7
                                                                                                                                • Opcode Fuzzy Hash: 96ad714d2f051726c3d009a52de5de0fff3c64b6026bca74fb7c85897416cc6f
                                                                                                                                • Instruction Fuzzy Hash: 10916975600B00CFD7298F25D8A4B17B7F6FF89314F118A6CE8568BAA1DB31E815CB90
                                                                                                                                Function 00600228 Relevance: .2, Instructions: 218COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 324 600228-60023b 325 600440-600458 call 635700 324->325 326 600480 324->326 327 600242-600244 324->327 328 600482-600484 324->328 329 600246-600260 324->329 330 600386-60038c 324->330 331 600308-60030c 324->331 332 6003ec-6003f4 324->332 333 600370-60037e 324->333 334 6003d0-6003d7 324->334 335 600311-600320 324->335 336 600472-600477 324->336 337 600393-600397 324->337 338 600356 324->338 339 600417-600430 324->339 340 600339-60034f 324->340 341 60045b-600469 call 635700 324->341 342 6003fb-600414 324->342 343 6003be 324->343 344 6003de-6003e3 324->344 345 60035f-600367 324->345 325->341 346 600296-6002bd 327->346 350 60048d-600b30 328->350 347 600262 329->347 348 600294 329->348 330->326 330->328 330->336 330->337 331->350 332->326 332->328 332->336 332->337 332->342 333->330 334->326 334->328 334->330 334->332 334->336 334->337 334->339 334->342 334->344 359 600327-600332 335->359 336->326 352 6003a0-6003b7 337->352 338->345 339->325 340->325 340->326 340->328 340->330 340->332 340->333 340->334 340->336 340->337 340->338 340->339 340->341 340->342 340->343 340->344 340->345 341->336 342->339 343->334 344->332 345->333 354 6002ea-600301 346->354 355 6002bf 346->355 353 600270-600292 call 602eb0 347->353 348->346 352->325 352->326 352->328 352->330 352->332 352->334 352->336 352->337 352->339 352->341 352->342 352->343 352->344 353->348 354->325 354->326 354->328 354->330 354->331 354->332 354->333 354->334 354->335 354->336 354->337 354->338 354->339 354->340 354->341 354->342 354->343 354->344 354->345 363 6002c0-6002e8 call 602e70 355->363 359->325 359->326 359->328 359->330 359->332 359->333 359->334 359->336 359->337 359->338 359->339 359->340 359->341 359->342 359->343 359->344 359->345 363->354
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: cdd506bba58901e3ba6924a2a218d1ea4e0e31c7718f5fcbfcf02319fb9690b7
                                                                                                                                • Instruction ID: 75abad47646a5e9bcc961815c58fdc29cc3609c18cc2517cc0fe557c51bc9e94
                                                                                                                                • Opcode Fuzzy Hash: cdd506bba58901e3ba6924a2a218d1ea4e0e31c7718f5fcbfcf02319fb9690b7
                                                                                                                                • Instruction Fuzzy Hash: F5715874600701DFE7298F25E8A4B17B7F7FF4A315F10896CE8568B6A2DB31A815CB90
                                                                                                                                Function 006399D0 Relevance: .1, Instructions: 143COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c32b682b92680be237005ffcfcce8fc59410d7eb9ed5108d93a2783fdbee0ebe
                                                                                                                                • Instruction ID: 90650fec3162ceb2ef4c1785b878ed028ba409bbe5514e30619f0765d97e2fb3
                                                                                                                                • Opcode Fuzzy Hash: c32b682b92680be237005ffcfcce8fc59410d7eb9ed5108d93a2783fdbee0ebe
                                                                                                                                • Instruction Fuzzy Hash: 2A419D34208340ABD7149A15D890B6BFBE7EB86714F14892CF5CA97351D371E801DFA2
                                                                                                                                Function 006363B8 Relevance: .1, Instructions: 99COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: a2b95faa0f920771d6ce6e706f98fb3a3cdcc99fd4ebef490628f4b56d1f60be
                                                                                                                                • Instruction ID: aa399b8bbefcfb6b196effb8ae1656fe04d0f1c779ceca17963e70402158cd3d
                                                                                                                                • Opcode Fuzzy Hash: a2b95faa0f920771d6ce6e706f98fb3a3cdcc99fd4ebef490628f4b56d1f60be
                                                                                                                                • Instruction Fuzzy Hash: BE31A274649301BBE724DB04CD82F7AB7E7EB81B51F64D51CF1825B2E2D370A8118B96
                                                                                                                                Function 00600EEC Relevance: .1, Instructions: 72COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f22c2ed5b0d2b8e90d2e3e958923e0bb927989251020c52825500c710dd7c144
                                                                                                                                • Instruction ID: 0172a63e0b290ac44c095294260a73a0be02c29a9d899192f4330607a9fbd106
                                                                                                                                • Opcode Fuzzy Hash: f22c2ed5b0d2b8e90d2e3e958923e0bb927989251020c52825500c710dd7c144
                                                                                                                                • Instruction Fuzzy Hash: 1321E9B490021A9FEB15CF94DC90BBFBBB2FB4A304F144859E911AB291C735A911CB64
                                                                                                                                Function 00633220 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 211 633220-63322f 212 6332a2-6332a6 RtlFreeHeap 211->212 213 6332a0 211->213 214 633236-633252 211->214 215 6332ac-6332b0 211->215 212->215 213->212 216 633286-633296 214->216 217 633254 214->217 216->213 218 633260-633284 call 635af0 217->218 218->216
                                                                                                                                APIs
                                                                                                                                • RtlFreeHeap.NTDLL(?,00000000), ref: 006332A6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FreeHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                • Opcode ID: f94afe195b936e50743790219b75e6aa515905dd001b51fc36550bf65f1e8ff0
                                                                                                                                • Instruction ID: d65127fa739aa83d176865a88ec78c075fcc9944bad6c8fca36f235391624d9e
                                                                                                                                • Opcode Fuzzy Hash: f94afe195b936e50743790219b75e6aa515905dd001b51fc36550bf65f1e8ff0
                                                                                                                                • Instruction Fuzzy Hash: 3F01693490D2909BC701EF18E885A1ABBEAEF5AB00F058C1CE5C58B361D335DD60DBA2
                                                                                                                                Function 00633202 Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 222 633202-633211 RtlAllocateHeap
                                                                                                                                APIs
                                                                                                                                • RtlAllocateHeap.NTDLL(?,00000000), ref: 00633208
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocateHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                • Opcode ID: bc605950e8bd9fd361b05cd3d87259a978a045cee939ec1f1a2c2e32196982d5
                                                                                                                                • Instruction ID: bca94f7d3e00fb4a3670aac7c38ade02bc22827a61377a2ae2c16357332f3aad
                                                                                                                                • Opcode Fuzzy Hash: bc605950e8bd9fd361b05cd3d87259a978a045cee939ec1f1a2c2e32196982d5
                                                                                                                                • Instruction Fuzzy Hash: 02B012344400005FDB041B00EC0AF003511EB00605F801050A100040B1D1655864C554

                                                                                                                                Non-executed Functions

                                                                                                                                Function 0060DB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
                                                                                                                                • API String ID: 2994545307-1418943773
                                                                                                                                • Opcode ID: 01d0d21bfde317295e951ada6dffc2a3c50e04f9e9f53073fefb166244178110
                                                                                                                                • Instruction ID: cfbd7881b3d0865cd1d8706b3010451e7a293e428df5a448a6746221c60301f2
                                                                                                                                • Opcode Fuzzy Hash: 01d0d21bfde317295e951ada6dffc2a3c50e04f9e9f53073fefb166244178110
                                                                                                                                • Instruction Fuzzy Hash: 6DF289B05483919BD778CF14C894BABBBE2BFD5304F144C2CE4C98B292D7769985CB92
                                                                                                                                Function 006223E0 Relevance: 31.3, APIs: 4, Strings: 12, Instructions: 3298COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C
                                                                                                                                • API String ID: 0-786070067
                                                                                                                                • Opcode ID: 7cb2f894e2723462c830fd2a5705899c8fbb7685b11847f975cc0a0e5b67d27f
                                                                                                                                • Instruction ID: b928f4bd4578355f9f96c51fb5ac7794946bd1cf30e2ec0622781d1f3cf2c27b
                                                                                                                                • Opcode Fuzzy Hash: 7cb2f894e2723462c830fd2a5705899c8fbb7685b11847f975cc0a0e5b67d27f
                                                                                                                                • Instruction Fuzzy Hash: B033CE70504B918FD7258F38D590762BBE2BF16304F58899DE4DA8BB82C735E906CFA1
                                                                                                                                Function 00619F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
                                                                                                                                • API String ID: 0-1131134755
                                                                                                                                • Opcode ID: 40adfa10b25cd65f6a5c811bf8bb0f8e89913b69dea521d7a79b147aad96295d
                                                                                                                                • Instruction ID: 3e2b4f028bb0f250b266e0b6d03bb2d503dd638e45923cacb4fd164070ba46ec
                                                                                                                                • Opcode Fuzzy Hash: 40adfa10b25cd65f6a5c811bf8bb0f8e89913b69dea521d7a79b147aad96295d
                                                                                                                                • Instruction Fuzzy Hash: 6F52C7B804D385CAE270CF65D581B8EBAF1BB92740F648A1DE1ED9B255DB708085CF93
                                                                                                                                Function 00619510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
                                                                                                                                • API String ID: 0-655414846
                                                                                                                                • Opcode ID: f495ded40457428e4e09b4d6e4e28b8b026cd6ac984d0213d9f6f7a36d70973e
                                                                                                                                • Instruction ID: 4ecb1b24c07a6bafd01384b2caa0b0f6bd5dc9fdba03026e4c0cd81c649c1231
                                                                                                                                • Opcode Fuzzy Hash: f495ded40457428e4e09b4d6e4e28b8b026cd6ac984d0213d9f6f7a36d70973e
                                                                                                                                • Instruction Fuzzy Hash: BCF14FB4108380ABD310DF15D890A6BBBF6FB86744F084D1CF5D59B252D334D948CBA6
                                                                                                                                Function 0061DD29 Relevance: 18.6, Strings: 14, Instructions: 1142COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: a$%*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$ra$upH}${E$a
                                                                                                                                • API String ID: 0-2378412053
                                                                                                                                • Opcode ID: 626385077914ae1745c66f52883bbf77e29d160ae9f2c85f1f94e5e4ad7f4ab8
                                                                                                                                • Instruction ID: fb7760a021cddb05b29a4cded92f18e5e4b8a8936567d5ac98a8f9b9aa6f0405
                                                                                                                                • Opcode Fuzzy Hash: 626385077914ae1745c66f52883bbf77e29d160ae9f2c85f1f94e5e4ad7f4ab8
                                                                                                                                • Instruction Fuzzy Hash: EC92CF75E00215CFDB04CF68D8516AEBBB2FF8A310F298168E856AB391D735E941CB90
                                                                                                                                Function 007C2F9B Relevance: 11.6, Strings: 8, Instructions: 1639COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Gg{o$^O+$dKRf$tlwu$}nz$gw$j{o$w_
                                                                                                                                • API String ID: 0-1133557404
                                                                                                                                • Opcode ID: 156022c891b5d7b1c8c558a024668d173fb374194c2d17ed75c2591bc176a1ff
                                                                                                                                • Instruction ID: a881d56dedd95a5183fb1d13b55ecea6a2669ff3eca52b87c7567c8689ccc94b
                                                                                                                                • Opcode Fuzzy Hash: 156022c891b5d7b1c8c558a024668d173fb374194c2d17ed75c2591bc176a1ff
                                                                                                                                • Instruction Fuzzy Hash: B0B228F3A0C200AFE7046E2DEC8567AB7E9EF94720F1A893DE6C5C7744E63558058693
                                                                                                                                Function 007C4B37 Relevance: 11.6, Strings: 8, Instructions: 1603COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: "J^$=AwG$M2AH$R_v$`Sc7$`Sc7$gO~o$z'n
                                                                                                                                • API String ID: 0-4247747601
                                                                                                                                • Opcode ID: df7011d806da4f70d4b49b493ebfb8285226dc43db20ce71d227ee9b86a731d0
                                                                                                                                • Instruction ID: 0854ee0ef2615e1e206cdc46ed649376d153d2503954110877802cd32f2b22a0
                                                                                                                                • Opcode Fuzzy Hash: df7011d806da4f70d4b49b493ebfb8285226dc43db20ce71d227ee9b86a731d0
                                                                                                                                • Instruction Fuzzy Hash: 31B217F360C200AFE308AE29EC9567AFBE9EF94720F16893DE6C5C3744E67558008756
                                                                                                                                Function 007B06A8 Relevance: 11.6, Strings: 8, Instructions: 1565COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: GO_$Klw=$Oi?U$VCq}$]=o$%{_$I $nz
                                                                                                                                • API String ID: 0-2553555449
                                                                                                                                • Opcode ID: 73cfae151aafc6cc4c8552465ad3149758a2b7c173c9e9ccd0a3cf5175c948a3
                                                                                                                                • Instruction ID: 4704c23d5cd1098a5b9b1b8526fe04bed3ab67b436261546de2f78f8d699131e
                                                                                                                                • Opcode Fuzzy Hash: 73cfae151aafc6cc4c8552465ad3149758a2b7c173c9e9ccd0a3cf5175c948a3
                                                                                                                                • Instruction Fuzzy Hash: E0B2C3F3608204AFE3046F1DEC8567AFBE9EF94720F1A492DEAC4C3744E63598058697
                                                                                                                                Function 0061098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
                                                                                                                                • API String ID: 0-4102007303
                                                                                                                                • Opcode ID: d0f25cc41d3bccb431855157420455db9637be050622feeb3f8620bb466f2cac
                                                                                                                                • Instruction ID: 1cdb2f5f2c9776960076bb8a109c69609397f8c77243604257c7b9d512ea1b4d
                                                                                                                                • Opcode Fuzzy Hash: d0f25cc41d3bccb431855157420455db9637be050622feeb3f8620bb466f2cac
                                                                                                                                • Instruction Fuzzy Hash: 836288B56083818BD730CF14D495BABBBE2FF96314F08492DE59A8B741E3759980CB93
                                                                                                                                Function 005F1000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
                                                                                                                                • API String ID: 0-2517803157
                                                                                                                                • Opcode ID: 60a0c5663d72eafb8316c79059a9a8b702737bd9de80dd4ed9a658f6933f5b93
                                                                                                                                • Instruction ID: de443c49c21ac94c415b6bf6b2e52a59063d8a431c116e57e1de23ae8d81c1ea
                                                                                                                                • Opcode Fuzzy Hash: 60a0c5663d72eafb8316c79059a9a8b702737bd9de80dd4ed9a658f6933f5b93
                                                                                                                                • Instruction Fuzzy Hash: 46D2F1716087468FD718CE28C49437ABFE2BBC5314F188A2DE699CB391D778D945CB82
                                                                                                                                Function 007B3B44 Relevance: 9.2, Strings: 6, Instructions: 1690COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: .o$A+kB$rf?$saV$ts(x$xgd
                                                                                                                                • API String ID: 0-1556348155
                                                                                                                                • Opcode ID: dfa516cfea8f2e91e57fc3d62c6a11ea18328fa3e34eae0116ab46d117bde99c
                                                                                                                                • Instruction ID: fe98934909ca47febc7f074f0cc8f98049cbd445373ff2ac9b89a09659b01d0b
                                                                                                                                • Opcode Fuzzy Hash: dfa516cfea8f2e91e57fc3d62c6a11ea18328fa3e34eae0116ab46d117bde99c
                                                                                                                                • Instruction Fuzzy Hash: 22B22BF390C204AFE3046E2DEC8577AB7E9EB94360F1A463DEAC4D7744E53598018697
                                                                                                                                Function 007B20B7 Relevance: 9.1, Strings: 6, Instructions: 1586COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Vfzn$d6!}$fr7k$mP}?$]/$Y;
                                                                                                                                • API String ID: 0-249751085
                                                                                                                                • Opcode ID: 0e43cbfdb845bcd0c6f22e6c41916c7b18017dffb6ea127ef6421e6621a9db4b
                                                                                                                                • Instruction ID: 1cd11b6ea6c55e598d8c66370dbd3df81c2af6167dcdd2ee9be390bef1d0d157
                                                                                                                                • Opcode Fuzzy Hash: 0e43cbfdb845bcd0c6f22e6c41916c7b18017dffb6ea127ef6421e6621a9db4b
                                                                                                                                • Instruction Fuzzy Hash: B2B2E4F360C200AFE7046E2DEC8567ABBE9EF94720F1A493DEAC4C3744E67558418796
                                                                                                                                Function 007BA99C Relevance: 9.1, Strings: 6, Instructions: 1566COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: &ou?$Fz$bHwo$j(~$vT.~${
                                                                                                                                • API String ID: 0-3297960437
                                                                                                                                • Opcode ID: c7c19211610053e21f10d68f5afb06114cc6cd28a7e392467ab03db8ad6d249d
                                                                                                                                • Instruction ID: 8de75c90bcc65004e2587787353b9cfa06637209f6695d56ecb9dd526a6e285d
                                                                                                                                • Opcode Fuzzy Hash: c7c19211610053e21f10d68f5afb06114cc6cd28a7e392467ab03db8ad6d249d
                                                                                                                                • Instruction Fuzzy Hash: FFB2F4F360C2049FE7046E29EC8567AFBE9EF94720F16492DEAC4C3744EA3598418797
                                                                                                                                Function 007C6681 Relevance: 7.9, Strings: 5, Instructions: 1645COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: A~$BzoY$Et{}$^.S?$f?Y
                                                                                                                                • API String ID: 0-1103655072
                                                                                                                                • Opcode ID: db3b391db5f2f3e059f873ce099fa82244ade6cbf1a0c741e5816f6cc708a3ec
                                                                                                                                • Instruction ID: be54d5dd011e09b60d29e51e0087459ed12fddb7f1d534b44548b4b91f5fe607
                                                                                                                                • Opcode Fuzzy Hash: db3b391db5f2f3e059f873ce099fa82244ade6cbf1a0c741e5816f6cc708a3ec
                                                                                                                                • Instruction Fuzzy Hash: 3BB21AF360C2049FE304AE2DEC8567ABBE9EFD4720F16863DE6C5C7744EA3558058692
                                                                                                                                Function 007BDE17 Relevance: 7.9, Strings: 5, Instructions: 1625COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: v{$!.t$6s<}$<_v$ix1
                                                                                                                                • API String ID: 0-3715587522
                                                                                                                                • Opcode ID: 8323d9ebb9653b7d1c24b7019a973ecf46e2af86799fa1551debd70f01262910
                                                                                                                                • Instruction ID: 93a60d79fe31bd73cbee16c87c65b48bd8f9e603aa86074ae6e357117790bebf
                                                                                                                                • Opcode Fuzzy Hash: 8323d9ebb9653b7d1c24b7019a973ecf46e2af86799fa1551debd70f01262910
                                                                                                                                • Instruction Fuzzy Hash: EEB2F7F360C2009FE3046E2DEC8567ABBE5EF94720F1A493DEAC4C7744EA3598458697
                                                                                                                                Function 007C1583 Relevance: 7.9, Strings: 5, Instructions: 1618COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: >y$A/z/$^X6*$|ky$O>u
                                                                                                                                • API String ID: 0-2693179835
                                                                                                                                • Opcode ID: 2533dd8456aa4d43fb97ef49a563b2ebde1865ec90f1a6f2dc037a5945a8df19
                                                                                                                                • Instruction ID: 4d28ceff5c19674a9835c30cefa95a6a497e336b37d89630bc11223ce9061cf1
                                                                                                                                • Opcode Fuzzy Hash: 2533dd8456aa4d43fb97ef49a563b2ebde1865ec90f1a6f2dc037a5945a8df19
                                                                                                                                • Instruction Fuzzy Hash: A3B2F5F36086009FE304AE2DEC8567ABBE9EFD4720F1A493DE6C4C7744EA7558058693
                                                                                                                                Function 007BC553 Relevance: 7.7, Strings: 5, Instructions: 1487COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: *$*i%_$AA~{$X)m$z'K
                                                                                                                                • API String ID: 0-373724375
                                                                                                                                • Opcode ID: 139b42c57306d883de06732030f29def4f9ee3d6bef126b93ead91d07ad86938
                                                                                                                                • Instruction ID: 2d051b284c1b492d95101ff90d54f377fe2d9c0375403c55a4ae1298fed6febc
                                                                                                                                • Opcode Fuzzy Hash: 139b42c57306d883de06732030f29def4f9ee3d6bef126b93ead91d07ad86938
                                                                                                                                • Instruction Fuzzy Hash: B3A228F360C2049FE304AE2DEC8567AFBE9EF94320F1A453DE6C4C7744EA7598058696
                                                                                                                                Function 005F12F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 0$0$0$@$i
                                                                                                                                • API String ID: 0-3124195287
                                                                                                                                • Opcode ID: 00a8caaff376e7a7ee7eb1dc420881959e6468ec1cdd806e835897d63b1ffe0c
                                                                                                                                • Instruction ID: 751a58deed47ba066d28e23a38cb9da9aca46ed33c190992e5d51ce43b374d74
                                                                                                                                • Opcode Fuzzy Hash: 00a8caaff376e7a7ee7eb1dc420881959e6468ec1cdd806e835897d63b1ffe0c
                                                                                                                                • Instruction Fuzzy Hash: D062C1B160C3858BD318CE28C49477ABFE1BBD5344F188D2DEAD987291D778D949CB82
                                                                                                                                Function 005F164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                                • API String ID: 0-1123320326
                                                                                                                                • Opcode ID: 4dfd696c55c33bb78a303d8610e9bcf0c1403e810a829a2408930c8c3d0b9271
                                                                                                                                • Instruction ID: cf43385ff209fd8328a77dd0adaefff6523b87759adb95a24732a874efe15ca4
                                                                                                                                • Opcode Fuzzy Hash: 4dfd696c55c33bb78a303d8610e9bcf0c1403e810a829a2408930c8c3d0b9271
                                                                                                                                • Instruction Fuzzy Hash: ECF1BF7160C7858FC719CE28C48426AFFE2BBD9304F188A6DE5D987352D778D948CB92
                                                                                                                                Function 007B8E5F Relevance: 6.7, Strings: 4, Instructions: 1674COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: <C2S$g3t$.}O$u
                                                                                                                                • API String ID: 0-1688378979
                                                                                                                                • Opcode ID: d7364b32bd84dafba0b061f01fb14ef9c306b35e932f36143212762524a0b207
                                                                                                                                • Instruction ID: fc924ab7fd59e4889b70a675c5abec701c59150ff9be7b414836692e2bea1844
                                                                                                                                • Opcode Fuzzy Hash: d7364b32bd84dafba0b061f01fb14ef9c306b35e932f36143212762524a0b207
                                                                                                                                • Instruction Fuzzy Hash: 03B229F3A082049FE3046E2DEC8567AFBE9EFD4720F1A853DEAC4D3744E93558058696
                                                                                                                                Function 005F13A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                                • API String ID: 0-3620105454
                                                                                                                                • Opcode ID: 981de6f8155dc2ee1d37c460c940c82b1ef32725b835aa1ef6efcfd6298fd46f
                                                                                                                                • Instruction ID: 96faf4a6f6b4c168a6c0b03ff06f0e569a5416fb30003f0c36606f120f48aef4
                                                                                                                                • Opcode Fuzzy Hash: 981de6f8155dc2ee1d37c460c940c82b1ef32725b835aa1ef6efcfd6298fd46f
                                                                                                                                • Instruction Fuzzy Hash: FDD1AE7160C7868FC719CE29C48426AFFE2AFD9304F08CA6DE5D987352D638D949CB52
                                                                                                                                Function 007B759F Relevance: 6.5, Strings: 4, Instructions: 1491COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: "rwf$2Qk_$}~n$V_
                                                                                                                                • API String ID: 0-1106348967
                                                                                                                                • Opcode ID: 42d23468d31cbefac19b9ecb1a5c0b7c0a13bd4028d60b665a163d4cd23228da
                                                                                                                                • Instruction ID: 84dc10a3a07bc233213fafa5d1b8020bd05ba58cb28249c02bcaedcfdaaefc2f
                                                                                                                                • Opcode Fuzzy Hash: 42d23468d31cbefac19b9ecb1a5c0b7c0a13bd4028d60b665a163d4cd23228da
                                                                                                                                • Instruction Fuzzy Hash: 32A249F3A0C214AFE3046E2DEC8567ABBE9EF94320F1A453DEAC4C7744E97558018796
                                                                                                                                Function 0061FD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: :$NA_I$m1s3$uvw
                                                                                                                                • API String ID: 0-3973114637
                                                                                                                                • Opcode ID: 3e319354b5c4a5b58a21ab46855a7aef13d6eddca216952ffd6aed6c8383bea3
                                                                                                                                • Instruction ID: 4cd5f7fff599c620862efb064c892f2e67a3c55bc7b624226c1a13802983978e
                                                                                                                                • Opcode Fuzzy Hash: 3e319354b5c4a5b58a21ab46855a7aef13d6eddca216952ffd6aed6c8383bea3
                                                                                                                                • Instruction Fuzzy Hash: 0C32ABB4508381DFE310DF28E880A6ABBE6BB8A344F14496CF5D58B392D335D955CF52
                                                                                                                                Function 00603BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+($;z$p$ss
                                                                                                                                • API String ID: 0-2391135358
                                                                                                                                • Opcode ID: 45f8b00bbb489cb031099092cfe145b2a549319f3848223ffebb2118a04b4422
                                                                                                                                • Instruction ID: 5ec62af87ba6e55b5050380a07c7256901c98fb7a2ab7b821a29be286434fa74
                                                                                                                                • Opcode Fuzzy Hash: 45f8b00bbb489cb031099092cfe145b2a549319f3848223ffebb2118a04b4422
                                                                                                                                • Instruction Fuzzy Hash: 61025BB4810B009FD764EF24D986757BFF5FB02301F50895DE89A8B796E330A419CBA2
                                                                                                                                Function 00612260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: a|$hu$lc$sj
                                                                                                                                • API String ID: 0-3748788050
                                                                                                                                • Opcode ID: 2bcbd0e64872eaabbc29606d6052aacefa0c482ad1128d234bdf1f01f54a9d9c
                                                                                                                                • Instruction ID: 61ce72c3fcb9ca65c2ee790b9c0b3f67ebac7845b6eba129385997968d083e17
                                                                                                                                • Opcode Fuzzy Hash: 2bcbd0e64872eaabbc29606d6052aacefa0c482ad1128d234bdf1f01f54a9d9c
                                                                                                                                • Instruction Fuzzy Hash: BCA19E744083428BC720DF18C4A1AABB7F2FF95754F588A0CE8D59B391E339D991CB96
                                                                                                                                Function 0061D7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: #'$CV$KV$T>
                                                                                                                                • API String ID: 0-95592268
                                                                                                                                • Opcode ID: 2654faba1329e29554e0eba5f36b475eda67f73d5a601cd110afb4e8fba8d840
                                                                                                                                • Instruction ID: 4f5e993058b6daa0f5ffc808972f0a7d0cd36ff8b1ea9c2b778ad64d2b683675
                                                                                                                                • Opcode Fuzzy Hash: 2654faba1329e29554e0eba5f36b475eda67f73d5a601cd110afb4e8fba8d840
                                                                                                                                • Instruction Fuzzy Hash: 688157B4801B459BDB20DF95D28519EBFB2FF12300F645A0CE486ABB55C330AA55CFE6
                                                                                                                                Function 0061AC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: (g6e$,{*y$4c2a$lk
                                                                                                                                • API String ID: 0-1327526056
                                                                                                                                • Opcode ID: 87bcc53a2618e6654bdccafb75408b2951d5d425ca7472c0d90b0fad4c2d4f75
                                                                                                                                • Instruction ID: 05ee2941061326847e9c2d4764625d5abfe21f69575e342910a00dd2270211f4
                                                                                                                                • Opcode Fuzzy Hash: 87bcc53a2618e6654bdccafb75408b2951d5d425ca7472c0d90b0fad4c2d4f75
                                                                                                                                • Instruction Fuzzy Hash: 534185B4809381CBD7209F20D900BABB7F1FF86705F54A95DE5C89B260DB35D984CB96
                                                                                                                                Function 0061C470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+($%*+($~/i!
                                                                                                                                • API String ID: 0-4033100838
                                                                                                                                • Opcode ID: 3e7a5b826e90a8a8ef167aa0900ec0edbe1a6fe10bb88e56ba7886ece3b5f80f
                                                                                                                                • Instruction ID: b70e0acadc6ee0e862667c6038b5ef9bb1eb9d790da368d06e5db0806ceeb436
                                                                                                                                • Opcode Fuzzy Hash: 3e7a5b826e90a8a8ef167aa0900ec0edbe1a6fe10bb88e56ba7886ece3b5f80f
                                                                                                                                • Instruction Fuzzy Hash: 95E187B5518340DFE3209F64D881BAEBBF6FB86354F48882CE5C98B252D731D851CB92
                                                                                                                                Function 005F8590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: )$)$IEND
                                                                                                                                • API String ID: 0-588110143
                                                                                                                                • Opcode ID: ff35c232ee477f12fd14c047759665db8a4adcc3da28791395ad2bde929e6c9f
                                                                                                                                • Instruction ID: 45db52c9900da537379abcee49c35a1ba5aeaec01a3f291441f8056647c5b438
                                                                                                                                • Opcode Fuzzy Hash: ff35c232ee477f12fd14c047759665db8a4adcc3da28791395ad2bde929e6c9f
                                                                                                                                • Instruction Fuzzy Hash: 21E1B0B1A0870A9FE310CF29C84573ABFE1BB94314F14492DE6959B381DB79E915CBC2
                                                                                                                                Function 00634040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+($f
                                                                                                                                • API String ID: 0-2038831151
                                                                                                                                • Opcode ID: 00f39f952236f4ee36145c3a8bddf8376e8d83a461941cc19860a9ebd6735e27
                                                                                                                                • Instruction ID: 277d54cdbd1d6dec6e080e6c2d917a5475c13a94fe0aaa31a9223e5a405420ee
                                                                                                                                • Opcode Fuzzy Hash: 00f39f952236f4ee36145c3a8bddf8376e8d83a461941cc19860a9ebd6735e27
                                                                                                                                • Instruction Fuzzy Hash: 1E1287716083419FC714CF18C890B6AFBE2FB89314F188A6CF8959B391DB35E945CB92
                                                                                                                                Function 0062F620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: dg$hi
                                                                                                                                • API String ID: 0-2859417413
                                                                                                                                • Opcode ID: 7eeee9060b0039763dbdb54bdc467d9e23cba7b7d1e3d5dd3a7f3f26c27bb3ca
                                                                                                                                • Instruction ID: f89c55742c3ce61270a8f5afd84b7fee2fb7461340d53e8dbf1d179c5f3508b0
                                                                                                                                • Opcode Fuzzy Hash: 7eeee9060b0039763dbdb54bdc467d9e23cba7b7d1e3d5dd3a7f3f26c27bb3ca
                                                                                                                                • Instruction Fuzzy Hash: BAF18375618342EFE304CF24D8A1B6ABBF6FB86344F64992CF4858B2A1C735D845CB12
                                                                                                                                Function 005F35B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Inf$NaN
                                                                                                                                • API String ID: 0-3500518849
                                                                                                                                • Opcode ID: 7cc3447d35d77d76f27de06d07135aba81e779423916ac680280f136604f29df
                                                                                                                                • Instruction ID: 477028d2178162c6e8ff70fce120ee694aeb090b02a4ba1ec8e8980a5812c4ae
                                                                                                                                • Opcode Fuzzy Hash: 7cc3447d35d77d76f27de06d07135aba81e779423916ac680280f136604f29df
                                                                                                                                • Instruction Fuzzy Hash: BFD1D571A083159BD704CF29C98062EBBE5FBC8750F14892DFAD997390E779DD058B82
                                                                                                                                Function 0060FFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: BaBc$Ye[g
                                                                                                                                • API String ID: 0-286865133
                                                                                                                                • Opcode ID: dc58777710d9b23f60aa95bcafbf21cfa6632ea38857366276c9abc8bfebd911
                                                                                                                                • Instruction ID: 2489430ba298b5ed6740aa37f432bd2bcc286a49f21d4ead246c0c58a8df5a8b
                                                                                                                                • Opcode Fuzzy Hash: dc58777710d9b23f60aa95bcafbf21cfa6632ea38857366276c9abc8bfebd911
                                                                                                                                • Instruction Fuzzy Hash: FD519BB16083818AEB31CF14C485BEBB7E2FF96350F18491DE49A8B651E3B49980CB56
                                                                                                                                Function 007ADB45 Relevance: 1.9, Strings: 1, Instructions: 646COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 4Ko:
                                                                                                                                • API String ID: 0-111901713
                                                                                                                                • Opcode ID: 7d9fc572399a81775f56e2878fa30a9e7959089acc3846b83196cb473e1c3fa4
                                                                                                                                • Instruction ID: c0cffd656e0acdca8df5c87c30a40042a4eb6176fcee93528855c08479192516
                                                                                                                                • Opcode Fuzzy Hash: 7d9fc572399a81775f56e2878fa30a9e7959089acc3846b83196cb473e1c3fa4
                                                                                                                                • Instruction Fuzzy Hash: 1B1247F360C3049FE3146E2DED8567AFBE9EF94320F1A4A3DE6C483744EA7558058686
                                                                                                                                Function 005F5160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %1.17g
                                                                                                                                • API String ID: 0-1551345525
                                                                                                                                • Opcode ID: df18bca0d4b4ecadd58240b5f79723a65e04237ba23596342b54d7c956b80876
                                                                                                                                • Instruction ID: 08bb9f3f4bfeebca5331dfe2b232f4504d3474e149516605924d4c84ca0be488
                                                                                                                                • Opcode Fuzzy Hash: df18bca0d4b4ecadd58240b5f79723a65e04237ba23596342b54d7c956b80876
                                                                                                                                • Instruction Fuzzy Hash: 2122E3B2609B4A8BE7158E18D844336BFA2BFE0344F29896DDB598B381F779DC04C741
                                                                                                                                Function 006212D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: "
                                                                                                                                • API String ID: 0-123907689
                                                                                                                                • Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                                • Instruction ID: eadf7ec1c711152bddd3e47e62516844b81ac144e6abed3fbaf3b7aac233c878
                                                                                                                                • Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                                • Instruction Fuzzy Hash: EDF12671A0C7614BC724CF24D490A6BBBE7AFE6350F18C56DE8998F382D634DD058B92
                                                                                                                                Function 0061AE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: dc86199e31f1bb1223a32749c41a79a9deec0762c5c2b299dc27c868f79b3af6
                                                                                                                                • Instruction ID: 7956ffbce9ec0178f51ef15cc19eb1b0b0debb06c070b6435a1e28fa9c928834
                                                                                                                                • Opcode Fuzzy Hash: dc86199e31f1bb1223a32749c41a79a9deec0762c5c2b299dc27c868f79b3af6
                                                                                                                                • Instruction Fuzzy Hash: B9E1A875508306DBC324DF28C8905AEB7E2FF99791F58991CE4D587320E731E999CB82
                                                                                                                                Function 00606EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: a19df48b3c5dc2a7d685c7bbb38770b59fbfd6cb3cd641a072f16dfbff27399d
                                                                                                                                • Instruction ID: cfdc3ea242a17d4b120ebac65e9079cc76711379963f460faa408efc7945bec8
                                                                                                                                • Opcode Fuzzy Hash: a19df48b3c5dc2a7d685c7bbb38770b59fbfd6cb3cd641a072f16dfbff27399d
                                                                                                                                • Instruction Fuzzy Hash: 41F17CB5A40A068FD7289F24D881A27B7F7FF88314B14892DE59787791EB34E825CB41
                                                                                                                                Function 00617E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: ef0c72fe654c92bd26d5e727d3658bb1e34ea1e55f12ad4c8b93a5f01073dfe4
                                                                                                                                • Instruction ID: ffd391a7ee90a6525a5bfcc41201e2af459abee397c9780664e0dcaeb6926940
                                                                                                                                • Opcode Fuzzy Hash: ef0c72fe654c92bd26d5e727d3658bb1e34ea1e55f12ad4c8b93a5f01073dfe4
                                                                                                                                • Instruction Fuzzy Hash: D9C1CF72508201AFD710AB14C882AABB7F6EF96354F0C881CF8C587351E734ED95DBA2
                                                                                                                                Function 00618D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: 9a197554e4bdfc38b62a6f2275eb6c1886ec6c2dfe052da3138593eef5500289
                                                                                                                                • Instruction ID: 8eab1d5b2291c8a098af4501d53e0dd358b3f268d5dabfef99777bf17cb38987
                                                                                                                                • Opcode Fuzzy Hash: 9a197554e4bdfc38b62a6f2275eb6c1886ec6c2dfe052da3138593eef5500289
                                                                                                                                • Instruction Fuzzy Hash: C0D1BC74A18302DFE704DF68DC90AAAB7E6FF8A304F09486CE98687391D734E955CB51
                                                                                                                                Function 00604487 Relevance: 1.6, Strings: 1, Instructions: 389COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: BI`
                                                                                                                                • API String ID: 0-3763738024
                                                                                                                                • Opcode ID: 8b9e7bc80132c04a462e0a5928985e456d41dc3d4ad39e86763080518f5a3b33
                                                                                                                                • Instruction ID: f085a9f3bca49a564ba03100bab66ee1b4c4715e1bc7827309daa8d1753d2ce7
                                                                                                                                • Opcode Fuzzy Hash: 8b9e7bc80132c04a462e0a5928985e456d41dc3d4ad39e86763080518f5a3b33
                                                                                                                                • Instruction Fuzzy Hash: 46E102B5601B008FD365CF28D996B97B7E2FF06704F04886CE5AAC7752EB35B8148B54
                                                                                                                                Function 00637FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: P
                                                                                                                                • API String ID: 0-3110715001
                                                                                                                                • Opcode ID: b27ff2745b798b27e2efb6667dd97b1b68d78fbc852560412552f34473806f91
                                                                                                                                • Instruction ID: 9e7e23fd54d1f43c06eb4242e03362864cb4cc67494dab03272d050290b8cb21
                                                                                                                                • Opcode Fuzzy Hash: b27ff2745b798b27e2efb6667dd97b1b68d78fbc852560412552f34473806f91
                                                                                                                                • Instruction Fuzzy Hash: 5DD1C3729083658FC725CE18D8907AFB6E2EB85718F15862CF8A5AB391CB75DC06C7C1
                                                                                                                                Function 00636CBF Relevance: 1.6, Strings: 1, Instructions: 384COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: "pc
                                                                                                                                • API String ID: 0-1057751688
                                                                                                                                • Opcode ID: 4e3dae63faf372b0d9fe6ac5ea2daf7b385b203f9cfd4d3f5fec40ddfd67214f
                                                                                                                                • Instruction ID: 4cdc47a0aeaecbbefb70bb417fe781afcd162fde148052d5ea8fb45801f637f5
                                                                                                                                • Opcode Fuzzy Hash: 4e3dae63faf372b0d9fe6ac5ea2daf7b385b203f9cfd4d3f5fec40ddfd67214f
                                                                                                                                • Instruction Fuzzy Hash: DAD1C03A618355CFC714CF38D8C056ABBE2AB8A314F098A7DE895C73A1D335DA45CB91
                                                                                                                                Function 0061CCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 2994545307-3233224373
                                                                                                                                • Opcode ID: 173959c6f9b633044125c45cde42a8f51e6402771b227965fac4264b5932d0ec
                                                                                                                                • Instruction ID: 40f8f3895cd050df87a4fc1ec9898d1ed6c506b9cd248572d1b08423fe8bca2e
                                                                                                                                • Opcode Fuzzy Hash: 173959c6f9b633044125c45cde42a8f51e6402771b227965fac4264b5932d0ec
                                                                                                                                • Instruction Fuzzy Hash: D2B1CD70A483059BD714DF14D880AAFBBE3EF96364F18492CE5C58B352E335E895CB92
                                                                                                                                Function 005FA850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: ,
                                                                                                                                • API String ID: 0-3772416878
                                                                                                                                • Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                                • Instruction ID: 0443595a9673995998a543599bb34b204281eebf5dc259828b376554d6263f87
                                                                                                                                • Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                                • Instruction Fuzzy Hash: 87B127701083859FC320CF58C98062BBFE1AFA9704F448A2DE5D997342D275EA08CB67
                                                                                                                                Function 0062FC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: f50378f1253160ef526ed21c577b26b23235c8dc4ef9c1a94edff0e76404afdf
                                                                                                                                • Instruction ID: 538823bfed1d2a6eb8484619f10d8d0daabe4d3bf7b67eb21e8b4eea8ca49d5d
                                                                                                                                • Opcode Fuzzy Hash: f50378f1253160ef526ed21c577b26b23235c8dc4ef9c1a94edff0e76404afdf
                                                                                                                                • Instruction Fuzzy Hash: 7F81BAB4618311ABD710DF68E885A2AB7F6FB8A701F54883CF5C587292D731D815CFA2
                                                                                                                                Function 0060D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: 21671ef104239d9e2d17ad41e59bd3b89099ab24483bc8f1a351a907cc836288
                                                                                                                                • Instruction ID: b88621ca74bbdb07c6fd56615fa78e8cc1ff089aed8003e1f590f95b77a51754
                                                                                                                                • Opcode Fuzzy Hash: 21671ef104239d9e2d17ad41e59bd3b89099ab24483bc8f1a351a907cc836288
                                                                                                                                • Instruction Fuzzy Hash: B5610175908215DBD715AF98DC42A7BB3B2FF95354F080A2CF9858B391E331E910C792
                                                                                                                                Function 00634A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: cd338563cb7ff13807bba20fa1bc189a3c07365b4e32b09be6ca397215ccff06
                                                                                                                                • Instruction ID: c46324222463812f97b703ffafd612e072adb06f6ecfb5b22e9b1281fcdf9584
                                                                                                                                • Opcode Fuzzy Hash: cd338563cb7ff13807bba20fa1bc189a3c07365b4e32b09be6ca397215ccff06
                                                                                                                                • Instruction Fuzzy Hash: 9A61BC756083419BD710DF25D880B2AFBE7EB85314F18896CE986873A1DB31EC41CB92
                                                                                                                                Function 0071F655 Relevance: 1.5, Strings: 1, Instructions: 218COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: &d_~
                                                                                                                                • API String ID: 0-1633505698
                                                                                                                                • Opcode ID: 02e028b187c53134b81ac724f04011f1a9ca1eae0ebb26bd48e0a9d8e6a5600f
                                                                                                                                • Instruction ID: a10e053ad2c73b20621dc31a6072ec3c35dcb749ac800ae03f902afd61dbd8a0
                                                                                                                                • Opcode Fuzzy Hash: 02e028b187c53134b81ac724f04011f1a9ca1eae0ebb26bd48e0a9d8e6a5600f
                                                                                                                                • Instruction Fuzzy Hash: 066106F7D087144BE304AE39E98432AFAE5EF90710F1B463DDA8897784E9795C0587C6
                                                                                                                                Function 005FE1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 005FE333
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                                                                                • API String ID: 0-2471034898
                                                                                                                                • Opcode ID: d91cb9f40d8d1a05f9b20664fec10c8fa7323c404569994938837322d6bc2b68
                                                                                                                                • Instruction ID: a69e954fdeaa6176d72abca917b0634f3f26e2fcb4cb99c6e1db6208df6ef884
                                                                                                                                • Opcode Fuzzy Hash: d91cb9f40d8d1a05f9b20664fec10c8fa7323c404569994938837322d6bc2b68
                                                                                                                                • Instruction Fuzzy Hash: D8514937A19A944BD324893C5C563BA7E871BD2334B3DCB6AEAF1CB3F5E55948018380
                                                                                                                                Function 00633920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: e82360e442b7c1fd66a74f0e3197f231ffdbec07994e79b0a728a91fed5e0d79
                                                                                                                                • Instruction ID: 2cc92aacc8faf5ca4b252922474b3c68e9a85e838f7b9aa98edb4fa068cd8e3f
                                                                                                                                • Opcode Fuzzy Hash: e82360e442b7c1fd66a74f0e3197f231ffdbec07994e79b0a728a91fed5e0d79
                                                                                                                                • Instruction Fuzzy Hash: EA518C74609250DBCB24DF19D890A6ABBE7FF85744F18882CE4C687392D771DE10DBA2
                                                                                                                                Function 00601BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: L3
                                                                                                                                • API String ID: 0-2730849248
                                                                                                                                • Opcode ID: 272306d13aae045c134ff16fe902f78c0b721a7d1e0724feea5d5d9bc840c814
                                                                                                                                • Instruction ID: ba2b89d8b55a47a0f8d9deb4fb4c24acf38fbfc70b0f230235933e1fb5cbeaae
                                                                                                                                • Opcode Fuzzy Hash: 272306d13aae045c134ff16fe902f78c0b721a7d1e0724feea5d5d9bc840c814
                                                                                                                                • Instruction Fuzzy Hash: 994162B84483809BDB189F24C894A6FBBF2FF86714F04991CF5C59B291D73ACA05CB56
                                                                                                                                Function 0062FF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: ad6e7671ed93a81235175ab8185a62478fdcdfc9985920b32d2b2d901e7b9238
                                                                                                                                • Instruction ID: e91e3a2270b77cc8786db5bfc8104f205211ed8057ec5fbbce944036900752d0
                                                                                                                                • Opcode Fuzzy Hash: ad6e7671ed93a81235175ab8185a62478fdcdfc9985920b32d2b2d901e7b9238
                                                                                                                                • Instruction Fuzzy Hash: 7B3114B5908315ABE714EA14DC91B2BB7EAEB85744F144828F88597252E331DC18CBE3
                                                                                                                                Function 0061E40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 72?1
                                                                                                                                • API String ID: 0-1649870076
                                                                                                                                • Opcode ID: bfe1096b6fd231690be9bbf01d0fa6f83a0c3ffc702e213a00051de1d076b0e2
                                                                                                                                • Instruction ID: f10249ff1662d193a7e762121afcfdd3c1763813960a77e6c88b866fba6150ca
                                                                                                                                • Opcode Fuzzy Hash: bfe1096b6fd231690be9bbf01d0fa6f83a0c3ffc702e213a00051de1d076b0e2
                                                                                                                                • Instruction Fuzzy Hash: F431C575900205CFD720CF94E9805EFBBB6FB5B344F580868D946AB341D336E945CBA1
                                                                                                                                Function 00606F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: d775ad74a5495d4351c9b69ae321224f201e35179714639d02675a6bf3380c71
                                                                                                                                • Instruction ID: d3fd23be51ea513e669bf0818e8d7409cc1d4d6c9b92a5c4505cf8133efad8b6
                                                                                                                                • Opcode Fuzzy Hash: d775ad74a5495d4351c9b69ae321224f201e35179714639d02675a6bf3380c71
                                                                                                                                • Instruction Fuzzy Hash: F34156B5644B04DBD7288B61C990B27BBF3FB09700F14991CE5879BBA2E331F8108B50
                                                                                                                                Function 0061E66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 72?1
                                                                                                                                • API String ID: 0-1649870076
                                                                                                                                • Opcode ID: 7606afc37f53272502e2750963311d39373a190dfdcfe3d1727c49452fbcafdf
                                                                                                                                • Instruction ID: c38926bedd2aad36c1d68b637c6e55fe289de906a30d8783f5d6b7f99abb66da
                                                                                                                                • Opcode Fuzzy Hash: 7606afc37f53272502e2750963311d39373a190dfdcfe3d1727c49452fbcafdf
                                                                                                                                • Instruction Fuzzy Hash: 6421A1B5900245CFE720CF95D9905AFBBB6BB5B744F58081CE886AB341C336ED81CBA1
                                                                                                                                Function 007CC15A Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: r~
                                                                                                                                • API String ID: 0-3686569714
                                                                                                                                • Opcode ID: 10311d83846dc94dbb3e7b427a5005c71265828120121a9456f0a18d79ffaa54
                                                                                                                                • Instruction ID: 43a581e5fed654d6c5771f636af1210358b24adc4125d56adda40478dce8caea
                                                                                                                                • Opcode Fuzzy Hash: 10311d83846dc94dbb3e7b427a5005c71265828120121a9456f0a18d79ffaa54
                                                                                                                                • Instruction Fuzzy Hash: 7C31F4B251C6109FE745BF28C88266AFBE4EF58710F06492DE6D5C3250E7359890CB87
                                                                                                                                Function 00639CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID: @
                                                                                                                                • API String ID: 2994545307-2766056989
                                                                                                                                • Opcode ID: 38895bc2fe2763fecebb488fc96712eaf189c19c45444035f2e33890864f36d6
                                                                                                                                • Instruction ID: b32b670545526c99b20bed8500c40e6548c106e1cc9a90b40dc75de2cee0fbd7
                                                                                                                                • Opcode Fuzzy Hash: 38895bc2fe2763fecebb488fc96712eaf189c19c45444035f2e33890864f36d6
                                                                                                                                • Instruction Fuzzy Hash: D83174749083009BD310EF18D880A6BFBFAEF9A314F14992CE6C997351D3B5D904CBA6
                                                                                                                                Function 00604E2A Relevance: 1.0, Instructions: 957COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d113824dc2a0edce510dc6aa8a25169c3d0977ae0309217561fc758fae44f89c
                                                                                                                                • Instruction ID: 9c533982fa2f988c512d73fa70613fe6a5ff375b96abc992b7e03037f73558ab
                                                                                                                                • Opcode Fuzzy Hash: d113824dc2a0edce510dc6aa8a25169c3d0977ae0309217561fc758fae44f89c
                                                                                                                                • Instruction Fuzzy Hash: 446257B0940B018FD729CF24D994B27BBF6AF49700F54896CD49B8BA92E775F804CB91
                                                                                                                                Function 007AEEC3 Relevance: .9, Instructions: 903COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 06c88e0c514c990c264078802d9b600cab81bc709bbf7b100fc30c10f88a36bd
                                                                                                                                • Instruction ID: a96f33b176d9b836a0cdf56244a6bcdd7b801510e2e25c24509d3d01fe930974
                                                                                                                                • Opcode Fuzzy Hash: 06c88e0c514c990c264078802d9b600cab81bc709bbf7b100fc30c10f88a36bd
                                                                                                                                • Instruction Fuzzy Hash: 7F5227F390C204AFE3046E2DDC8577ABBE9EF94720F1A493DEAC4C7744EA3559018696
                                                                                                                                Function 005FBEB0 Relevance: .9, Instructions: 895COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                                • Instruction ID: 4ac4e274255361f32c3a3149a1a01eb48e217e17a28f0b152f23e7c2d6d6a34b
                                                                                                                                • Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                                • Instruction Fuzzy Hash: 4252283190871D8BC725DF18D5442BABBE1FFC4319F294A3DDAC697280E738A851CB86
                                                                                                                                Function 00638652 Relevance: .7, Instructions: 710COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6cad8fcf36e0243a2f8a07524146752b584565e7a44e2b8da8943ec4ab6d5c67
                                                                                                                                • Instruction ID: 20f39e561e0f28142841ff2d20a781074c44bec04261bcd28c7c8c255acd9341
                                                                                                                                • Opcode Fuzzy Hash: 6cad8fcf36e0243a2f8a07524146752b584565e7a44e2b8da8943ec4ab6d5c67
                                                                                                                                • Instruction Fuzzy Hash: CE22CC39608341CFC704DF68E89162ABBF2FF8A315F09896DE58987351DB35D950CB92
                                                                                                                                Function 006386F0 Relevance: .7, Instructions: 681COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e54bcb87aed680f970d630694c31a9f02bf655bd363b4710c4e9cdc378d44d2a
                                                                                                                                • Instruction ID: 90843b69af457b1ffa121d8f3f93c28542b7f207e353cd43e24821b88ebfacab
                                                                                                                                • Opcode Fuzzy Hash: e54bcb87aed680f970d630694c31a9f02bf655bd363b4710c4e9cdc378d44d2a
                                                                                                                                • Instruction Fuzzy Hash: DE229939608340DFD704DF68E89162ABBE2FF8A305F09896DE5C987351CB35D950CB92
                                                                                                                                Function 005FB3A0 Relevance: .7, Instructions: 670COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e3a0bfde6b12fb0fd709323aba438d6c709908e4c1d6493e74b934568ae17d30
                                                                                                                                • Instruction ID: 333befd8db09660b3c968173224616fdf6c495a19cf8f5cf81e1d04b80f9669f
                                                                                                                                • Opcode Fuzzy Hash: e3a0bfde6b12fb0fd709323aba438d6c709908e4c1d6493e74b934568ae17d30
                                                                                                                                • Instruction Fuzzy Hash: 14528EB0908B88CFF7359B24C4847B7BFE2BB91314F148C2DC6E646A86D77DA8858751
                                                                                                                                Function 005F71F0 Relevance: .7, Instructions: 657COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 990a5ef76c147b762d6baf55567b75110aa6c84ed4410596bc08ce49940d7895
                                                                                                                                • Instruction ID: 77b1e5850302a82f9948b3cc237d46683c6b756a5966503bff243ece25ea599f
                                                                                                                                • Opcode Fuzzy Hash: 990a5ef76c147b762d6baf55567b75110aa6c84ed4410596bc08ce49940d7895
                                                                                                                                • Instruction Fuzzy Hash: 0E528F3150C34D8BCB15CF28C0906BABFE2BF89314F198A6DE99957352D778E949CB81
                                                                                                                                Function 005F8FD0 Relevance: .6, Instructions: 620COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 22cb2a53c382c5990668728ca5765204d3132849c1d63277010097c8e4388026
                                                                                                                                • Instruction ID: 95f1937c1c9f73132669616ebdde0552aa5f5bb931eee06d5030ec13dfbb9414
                                                                                                                                • Opcode Fuzzy Hash: 22cb2a53c382c5990668728ca5765204d3132849c1d63277010097c8e4388026
                                                                                                                                • Instruction Fuzzy Hash: DD426775608301DFE704CF28D85076ABBE2BF88315F09986DE5858B392D73AD945CF92
                                                                                                                                Function 005F7BF0 Relevance: .6, Instructions: 592COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 664784e08d569b2cdc9c8e7af1bebdb8cbac02201a168c0a2047e0682e6f68ad
                                                                                                                                • Instruction ID: 8e1698a02bd91f1ebb37702372afd060689f557ead95973478bdc3b50e81a447
                                                                                                                                • Opcode Fuzzy Hash: 664784e08d569b2cdc9c8e7af1bebdb8cbac02201a168c0a2047e0682e6f68ad
                                                                                                                                • Instruction Fuzzy Hash: 1D321370514B198FC368CF29C59053ABBF2BF49710BA44A2ED6A787B91D73AF845CB10
                                                                                                                                Function 006389A0 Relevance: .5, Instructions: 545COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a80643b1c454aeaf460787d3aeda5226ccee0e0692e6fa55645b77e2cc7c4dc7
                                                                                                                                • Instruction ID: fa5aebdd907ca5fa4be6c6ff591008f55124e931ae6938496c699202ce4a9c2a
                                                                                                                                • Opcode Fuzzy Hash: a80643b1c454aeaf460787d3aeda5226ccee0e0692e6fa55645b77e2cc7c4dc7
                                                                                                                                • Instruction Fuzzy Hash: BA029939608341DFC704DF68E88162AFBE2EF8A305F09896DE5C587361CB76D954CB92
                                                                                                                                Function 00638A80 Relevance: .5, Instructions: 524COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d14ea2c351a04891ab838f748d738f61ebb67c8be473f1a09c21c5fd6ffa8511
                                                                                                                                • Instruction ID: 1f8a7f54a9596773a6ef10aaa88104687571f5036a66486b372e99394f5a3042
                                                                                                                                • Opcode Fuzzy Hash: d14ea2c351a04891ab838f748d738f61ebb67c8be473f1a09c21c5fd6ffa8511
                                                                                                                                • Instruction Fuzzy Hash: C1F1773560C380DFC705EF68E88162AFBE2AF8A705F09896DE4C987351D776D910CB92
                                                                                                                                Function 00638C02 Relevance: .5, Instructions: 487COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3fcbef90ef511b7738afa9dd742520e54f7f7c297cd5705b9a56a411e99a8a7a
                                                                                                                                • Instruction ID: 9c3b05cec446b058834efad980bd82102578c18c7fa3922c4c327dc6b0ac2a6c
                                                                                                                                • Opcode Fuzzy Hash: 3fcbef90ef511b7738afa9dd742520e54f7f7c297cd5705b9a56a411e99a8a7a
                                                                                                                                • Instruction Fuzzy Hash: 51E1AC35618340CFC704DF68E88162AFBE2EF8A315F09896CE5D987351DB76E910CB92
                                                                                                                                Function 005FA300 Relevance: .5, Instructions: 459COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                                • Instruction ID: af2227f777eedab0bbcc1b90d10553085270e7f1d4a244bc9c7738233b2d4107
                                                                                                                                • Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                                • Instruction Fuzzy Hash: 9AF1AB766083458FC724CF29C88166BBBE6BFD8300F08882DE5D987752E679E945CB53
                                                                                                                                Function 007AF9CC Relevance: .4, Instructions: 446COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 85472db19df24a97827eda625896dee2677f405f2cf52b83873c9c85f7bcc01a
                                                                                                                                • Instruction ID: 186d2929d665d5faecece69d6c62addd2ee8cc0f606d4bd6c2922dfe8cefc433
                                                                                                                                • Opcode Fuzzy Hash: 85472db19df24a97827eda625896dee2677f405f2cf52b83873c9c85f7bcc01a
                                                                                                                                • Instruction Fuzzy Hash: 17D107F3A082109FE304AE2DEC8577ABBE9EF94320F16853DEAC4D3744E67558058796
                                                                                                                                Function 00638E70 Relevance: .4, Instructions: 420COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4a7162a2849af85bcfdc7adf261e4aa319cc6cd6689926a2724dd1ba9bbcee50
                                                                                                                                • Instruction ID: 5fbfb8b7422c6a209c7b1dfde69c079b6e4d5a8b8c149568c2c3fb979db9a65a
                                                                                                                                • Opcode Fuzzy Hash: 4a7162a2849af85bcfdc7adf261e4aa319cc6cd6689926a2724dd1ba9bbcee50
                                                                                                                                • Instruction Fuzzy Hash: 27D1993460C280DFD705EF28E88162AFBE6EF8A705F09896DE4C587351D776D910CBA2
                                                                                                                                Function 00637AB0 Relevance: .4, Instructions: 354COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9527bb3ec251d87cb7abe442c27d6139611a21ae91923bbb05d0ed2d3839d227
                                                                                                                                • Instruction ID: 82c94b7abdc539c85ff52040d65c9e095a5dd4cdf3b43b866a35df9f10763399
                                                                                                                                • Opcode Fuzzy Hash: 9527bb3ec251d87cb7abe442c27d6139611a21ae91923bbb05d0ed2d3839d227
                                                                                                                                • Instruction Fuzzy Hash: B0B1F3B2A083544FE724DA28CC4576BBBE6EFC5314F08496CE99997391EA35EC0487D2
                                                                                                                                Function 005FAF10 Relevance: .3, Instructions: 303COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                                • Instruction ID: d2ce7ebb03d228b9ae14396fb3d9332b62e47da5903a8bb988219e81e34b37da
                                                                                                                                • Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                                • Instruction Fuzzy Hash: 37C18F72A48745CFD360CF28CC96BABBBE1BF85318F08492DD2D9C6242D778A155CB06
                                                                                                                                Function 00606536 Relevance: .3, Instructions: 295COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a81a8d9856371d64edc4620317e0a33d5d6b3a4caf5f6545f1ac5a7e39347e97
                                                                                                                                • Instruction ID: d185794794d212ad309d84972925d6d04ba8fd0edf4a67899eccd0a54cd84686
                                                                                                                                • Opcode Fuzzy Hash: a81a8d9856371d64edc4620317e0a33d5d6b3a4caf5f6545f1ac5a7e39347e97
                                                                                                                                • Instruction Fuzzy Hash: 8CB10374500B408FD3258F24C985B67BBF2EF46704F14885CE8AA8BB92E775F815CB55
                                                                                                                                Function 00637710 Relevance: .3, Instructions: 287COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 3f0501b98dceefa51f45fb597de8c792b13873aadfb5630571e56344eab6c150
                                                                                                                                • Instruction ID: 19f5fdd104c8c96b9040537d1addfe4a340fe88be556af6e94260b7497021427
                                                                                                                                • Opcode Fuzzy Hash: 3f0501b98dceefa51f45fb597de8c792b13873aadfb5630571e56344eab6c150
                                                                                                                                • Instruction Fuzzy Hash: 1A918CB560C341ABE730DB14D880BABBBE6EB85354F54492CF99597392E730E940CBD2
                                                                                                                                Function 0063A0D0 Relevance: .3, Instructions: 282COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 038f7092cd07215da96d89efaf87922e7d7ba3999f67c4edf85d061830f816f4
                                                                                                                                • Instruction ID: 0faa680e68d225a4b8d0a248ac4f7f1e174f7d52212ee92bcab07eecbb37054e
                                                                                                                                • Opcode Fuzzy Hash: 038f7092cd07215da96d89efaf87922e7d7ba3999f67c4edf85d061830f816f4
                                                                                                                                • Instruction Fuzzy Hash: 3F817A342087018BD724DFA8D890A6BB7E6EF89740F49896CE5C6CB351E731ED11DB92
                                                                                                                                Function 006264F0 Relevance: .2, Instructions: 246COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9f8f5ef726d3b43bde8203a7bc7feebbcef8cb25dbd30398abe708aafc5be500
                                                                                                                                • Instruction ID: e30c3bba90860a25f1c17763c08671dc0ceccef5bd79d8f1ff5eed71274fe11a
                                                                                                                                • Opcode Fuzzy Hash: 9f8f5ef726d3b43bde8203a7bc7feebbcef8cb25dbd30398abe708aafc5be500
                                                                                                                                • Instruction Fuzzy Hash: D671D433B29EA04BC3148D7CAC92395AA534BD6334F3DC379B9B49B3E5D6298C064781
                                                                                                                                Function 006128E9 Relevance: .2, Instructions: 244COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6b0ba4cc9029a27e0f07b26f95e9a4875dc0cb0c9eb572912b609adcee43b30b
                                                                                                                                • Instruction ID: c359284436a5fff302a32dc1b982a38f38a4b3a680e77bd24eebb6bf8430e96a
                                                                                                                                • Opcode Fuzzy Hash: 6b0ba4cc9029a27e0f07b26f95e9a4875dc0cb0c9eb572912b609adcee43b30b
                                                                                                                                • Instruction Fuzzy Hash: 0E6188B44183518BD310AF14D851A6BBBF2FF92750F08491CE5C58B361E339D960CB66
                                                                                                                                Function 00617C00 Relevance: .2, Instructions: 243COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 519a5f59189cd0b2b3472bc168e5c947b49d1c1c99e92f8670c8023c1dbe07bd
                                                                                                                                • Instruction ID: 8fd146a3e077b75de91dbece3200935edc84712c66119c0e320b16f35f49c5cf
                                                                                                                                • Opcode Fuzzy Hash: 519a5f59189cd0b2b3472bc168e5c947b49d1c1c99e92f8670c8023c1dbe07bd
                                                                                                                                • Instruction Fuzzy Hash: BF51D1B16082099BDB209B24DC86BF773B6EF85364F084558F986CB390F375E881C761
                                                                                                                                Function 00621860 Relevance: .2, Instructions: 217COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                                                                • Instruction ID: a9d2647af4b16cea7ebe2a96c3bbde0d773c6662417093ddbe506e4bce7c62da
                                                                                                                                • Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                                                                • Instruction Fuzzy Hash: 7761CD31A0D7219BD714CE28E58036EBBE3ABE6350F64C92DE4998F351D274DD829F42
                                                                                                                                Function 006282D0 Relevance: .2, Instructions: 215COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a8c845ad725220571a8dd4b1664c690219df3046641ba66d4aa4170a6933528b
                                                                                                                                • Instruction ID: fc024adc86a85daa8981af45f41de92164d58c0d08aff7ea7d0e1922e3f35db5
                                                                                                                                • Opcode Fuzzy Hash: a8c845ad725220571a8dd4b1664c690219df3046641ba66d4aa4170a6933528b
                                                                                                                                • Instruction Fuzzy Hash: 34612723A5BEB04FD314853C6C553A66A831BD6734F3EC36A99B19B3E5CD694C034781
                                                                                                                                Function 006042FC Relevance: .2, Instructions: 206COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: aa2b4f68c286607f230c76b4d56461d3c721c3111874e5b835543fc8d1093c87
                                                                                                                                • Instruction ID: eb4523bb39b5410f774d6d2e15612d9376821a64af3ca4d48f2ec6f2d8b50a17
                                                                                                                                • Opcode Fuzzy Hash: aa2b4f68c286607f230c76b4d56461d3c721c3111874e5b835543fc8d1093c87
                                                                                                                                • Instruction Fuzzy Hash: AE81DFB4810B00AFD360EF39D947797BEF5BB06301F404A1DE5EA96695E7306419CBE2
                                                                                                                                Function 0062E8A0 Relevance: .2, Instructions: 189COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                                • Instruction ID: fd39cfa43157bb5a4cbc7d8f734da4d13db2d56323d42fc4ce89b902fa1e47cd
                                                                                                                                • Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                                • Instruction Fuzzy Hash: 60515CB16087548FE314DF69D49435BBBE1BB85318F044E2EE4E987351E379DA088F82
                                                                                                                                Function 007501CF Relevance: .2, Instructions: 183COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0d2f023a5c61afc626a8a15c2f5a2bf049a2136a24cd94f0f96ce36acde05db2
                                                                                                                                • Instruction ID: fc3a83e517d1905f251c0b35f9b8618ba48b2918ecda83dda4711e43c2744d66
                                                                                                                                • Opcode Fuzzy Hash: 0d2f023a5c61afc626a8a15c2f5a2bf049a2136a24cd94f0f96ce36acde05db2
                                                                                                                                • Instruction Fuzzy Hash: 1F51E4B3B042144BF748AD3DDCA976B76D6DBD4320F1B463DD585CB7C4E93958058281
                                                                                                                                Function 00637520 Relevance: .2, Instructions: 176COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0f7b31094bb6334f2074489cb08d792a577f5ef19c6b48cd39d100c9f335c93f
                                                                                                                                • Instruction ID: e105eec9973dd0ec7a6645813f7b3e5da42024bd9f6e9e740e2ca198bb38e784
                                                                                                                                • Opcode Fuzzy Hash: 0f7b31094bb6334f2074489cb08d792a577f5ef19c6b48cd39d100c9f335c93f
                                                                                                                                • Instruction Fuzzy Hash: B751067560C6009BC7259E18CCA1B6EB7E7EB86364F288A2CF8D657391D631EC10C7D1
                                                                                                                                Function 005F5A50 Relevance: .2, Instructions: 163COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 30cd26bd44ee083aa7f75b84a873d40384a0200aeaad6ebf387906fc28d94239
                                                                                                                                • Instruction ID: f42ab9bdb8f7b3e50af71f749e613c4d3a0dd77431cd46e7b99abfb7a165b058
                                                                                                                                • Opcode Fuzzy Hash: 30cd26bd44ee083aa7f75b84a873d40384a0200aeaad6ebf387906fc28d94239
                                                                                                                                • Instruction Fuzzy Hash: E951F375A047099FC714DF14C880936BFA1FF85324F59466CEA968B352E734EC52CB92
                                                                                                                                Function 0061EC48 Relevance: .1, Instructions: 146COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: abb9f44c2aebb2c184de1ff244fa212bc0f4ebab64e72d6e495075179c281213
                                                                                                                                • Instruction ID: 29beed3e4e39de719ff12f18c35b165bc1d503ab402d5f47d56e967c9cd85d81
                                                                                                                                • Opcode Fuzzy Hash: abb9f44c2aebb2c184de1ff244fa212bc0f4ebab64e72d6e495075179c281213
                                                                                                                                • Instruction Fuzzy Hash: FE417F78D00315DBDF208F54EC91BE9B7B2FF0A340F184548E945AB391EB39A991CB95
                                                                                                                                Function 00639B60 Relevance: .1, Instructions: 140COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6cdb51e22147bbbe3cf6ea0d59e18c9dfa76ca7c1310a5ddbc759bc0bbc7f4e6
                                                                                                                                • Instruction ID: 87b6db1de72ce9c09366e0441d7f34a51c03b267e0b22d570d85dd2de35a0e7e
                                                                                                                                • Opcode Fuzzy Hash: 6cdb51e22147bbbe3cf6ea0d59e18c9dfa76ca7c1310a5ddbc759bc0bbc7f4e6
                                                                                                                                • Instruction Fuzzy Hash: A7419A34608300ABD714EB15D990B2BFBE7EB86714F14982CF58A97352D3B1E801CFA6
                                                                                                                                Function 00602030 Relevance: .1, Instructions: 136COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e474159b339d9bc6b78fef078d0e6211faeb006e057672d8da8746e66025f679
                                                                                                                                • Instruction ID: fdac42f9318650d425bae7eb3fa7d86e76198b77233785597e87aea98800001e
                                                                                                                                • Opcode Fuzzy Hash: e474159b339d9bc6b78fef078d0e6211faeb006e057672d8da8746e66025f679
                                                                                                                                • Instruction Fuzzy Hash: BF41F632A083664FD35DCE2984A427ABBE2AFC4310F09866EE4D6873D4DAB48945D781
                                                                                                                                Function 00601E93 Relevance: .1, Instructions: 131COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f1ef4b5b51e83b262c3e208fe263701479f517145b7d3567e989d22f92a95a66
                                                                                                                                • Instruction ID: 0e5720f62bdea7fbfb11dad010c12f152cb55b985d61d9c1534cb0cfea833afa
                                                                                                                                • Opcode Fuzzy Hash: f1ef4b5b51e83b262c3e208fe263701479f517145b7d3567e989d22f92a95a66
                                                                                                                                • Instruction Fuzzy Hash: 5F410F745483809BD324AB59C888B1FFBF6FB87744F14491CF6C49B292C376E8148B66
                                                                                                                                Function 00638D8A Relevance: .1, Instructions: 124COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0c811b61e82e15ab5d8fb1583d27d71ba9630888105854df7817ed45da5c0726
                                                                                                                                • Instruction ID: 31ee57c65adfef60097b98b2d1c6d8671156b3586efb72fe03b55ea4fe3cb385
                                                                                                                                • Opcode Fuzzy Hash: 0c811b61e82e15ab5d8fb1583d27d71ba9630888105854df7817ed45da5c0726
                                                                                                                                • Instruction Fuzzy Hash: A641AB316083508FC304AF68C49056EFBE6AF9A300F199A6DE4D59B3A1CB74DD058BC2
                                                                                                                                Function 0060D961 Relevance: .1, Instructions: 121COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4a6c60f6aa61ff3486f1e3cb14445ef7efa79d0c9f5743e72a0302bd2bdba160
                                                                                                                                • Instruction ID: c5698b94da1157b77ba15e95e5bb7043c8da836f6931e354b5aa7ab9b7b0b380
                                                                                                                                • Opcode Fuzzy Hash: 4a6c60f6aa61ff3486f1e3cb14445ef7efa79d0c9f5743e72a0302bd2bdba160
                                                                                                                                • Instruction Fuzzy Hash: 8841DDB5648385CBE3348F10C845BAFB7B2FF96360F040968E58A8BB91E3744840CB53
                                                                                                                                Function 0062F030 Relevance: .1, Instructions: 104COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                                • Instruction ID: c00d0d68dc3123c8c036653d9a6fd9218458706ba9da32dbabefbf34b47c5bc7
                                                                                                                                • Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                                • Instruction Fuzzy Hash: 4F213A3290852447C3249B59D49193BF7F5EB99B04F06863ED9C497395E3359C208BE1
                                                                                                                                Function 006367EF Relevance: .1, Instructions: 101COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5af2661fee502d0957423aa79826d54a9741097540f09a3d891ddb97a0bdf5b6
                                                                                                                                • Instruction ID: ef5f5a38f37a0c9e2676da86d042752b2600fece39624483f912082eec8eb3a4
                                                                                                                                • Opcode Fuzzy Hash: 5af2661fee502d0957423aa79826d54a9741097540f09a3d891ddb97a0bdf5b6
                                                                                                                                • Instruction Fuzzy Hash: CB311670518382AAE714CF14C49066FBFF1EF96784F54980DF4C8AB261D334D985CB9A
                                                                                                                                Function 00615E70 Relevance: .1, Instructions: 99COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 078ce10a0b90bdd524602d274186743fa421e9a3980d945b956ba655ce2a89ba
                                                                                                                                • Instruction ID: db7808a1fab8c3af5a2fed0bb866eaaf0fd1a30955414751a718f86924eec3b9
                                                                                                                                • Opcode Fuzzy Hash: 078ce10a0b90bdd524602d274186743fa421e9a3980d945b956ba655ce2a89ba
                                                                                                                                • Instruction Fuzzy Hash: 79218D70508201DBD310AF28C8419ABFBF6EF92764F58891CE4D69B391E334D941CBA7
                                                                                                                                Function 005F49A0 Relevance: .1, Instructions: 95COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                                                                • Instruction ID: 45a9a06ecb49c1c5f30f5760a1cfc8c5b3fc23a0e7ded19f8f51461b5d21ee89
                                                                                                                                • Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                                                                • Instruction Fuzzy Hash: A731D8317482059BD7109E18D98093BBBE2FFC4358F18892CEADA8B241D339DD52CF46
                                                                                                                                Function 0081EE70 Relevance: .1, Instructions: 95COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 02c777ba5518e49179932745c7c312abed9dc07b196ee1081004130700edbcda
                                                                                                                                • Instruction ID: 1e113e4e44236f0fb4469ad70b8c1ec8df24949f917cb2e944f2e2a2bc819aa1
                                                                                                                                • Opcode Fuzzy Hash: 02c777ba5518e49179932745c7c312abed9dc07b196ee1081004130700edbcda
                                                                                                                                • Instruction Fuzzy Hash: B7314BF350C600AFE706AE59DC81BAEFBE5EF58320F06492DE2C5C3650E635A4108A97
                                                                                                                                Function 006364B8 Relevance: .1, Instructions: 83COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: fe02e9c3961ca35f028a44ade56a79e46a750407b963de3d8778ae24b34dd6a5
                                                                                                                                • Instruction ID: 3df7e459a72e620dd07ccff72a36fd8c6bbd8a61736e977ac3c9f9df4c735632
                                                                                                                                • Opcode Fuzzy Hash: fe02e9c3961ca35f028a44ade56a79e46a750407b963de3d8778ae24b34dd6a5
                                                                                                                                • Instruction Fuzzy Hash: B7214A7490C240ABD704EF19D490A2EFBE7FB96745F28D81CE4C593362C335A851CBA6
                                                                                                                                Function 0062B650 Relevance: .1, Instructions: 64COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                • Instruction ID: eec587336a8f98f920e34ec6f3174abd4750391c6bdef4384a651326a623cb82
                                                                                                                                • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                • Instruction Fuzzy Hash: EE115933A045F40EC3128D3C94005A4BFA34AA3334B2C83D9F0B48B2D2C3228D8A8710
                                                                                                                                Function 00620B80 Relevance: .1, Instructions: 63COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                                • Instruction ID: 7de9a249813d6889b1ccc5fdc059c10b3c6b51431d8e130abc66c46717aa40fc
                                                                                                                                • Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                                • Instruction Fuzzy Hash: E9019EF5A00B1787F7309E10A5D4B3BB6AA6B94719F08453CE94647303DB76EC14CA91
                                                                                                                                Function 0061D1E1 Relevance: .0, Instructions: 46COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 624952a7bcb645c77a77dbbd4288927e99e54ec12a635dc1e4205360ca72344c
                                                                                                                                • Instruction ID: fdbedd4fe55acbb865b0162b2f08a7b1158f1f6a51f91dfaa10bdc3b133558de
                                                                                                                                • Opcode Fuzzy Hash: 624952a7bcb645c77a77dbbd4288927e99e54ec12a635dc1e4205360ca72344c
                                                                                                                                • Instruction Fuzzy Hash: D111ECB0408380AFD3109F618584A2FFBE6EBA6754F248C0DF6A49B251C379E859CF56
                                                                                                                                Function 005F6EA0 Relevance: .0, Instructions: 46COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8380d9899e9bf09a7f606cd4d54246c821a838eab68457f2473471db64ce9300
                                                                                                                                • Instruction ID: 7d2e17a540a8710c1cd0af8701f2271ed0ba59ef2751b893fcad0e3fb39c7f6e
                                                                                                                                • Opcode Fuzzy Hash: 8380d9899e9bf09a7f606cd4d54246c821a838eab68457f2473471db64ce9300
                                                                                                                                • Instruction Fuzzy Hash: 98F0243A71820E0BA220CDABA88083BB796E7C9354B042539EB40C3205CD72E80281D4
                                                                                                                                Function 0062B8C0 Relevance: .0, Instructions: 44COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                                • Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
                                                                                                                                • Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                                • Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695
                                                                                                                                Function 0060C5F0 Relevance: .0, Instructions: 42COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                                • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
                                                                                                                                • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                                • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
                                                                                                                                Function 0060B410 Relevance: .0, Instructions: 38COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                                • Instruction ID: 3aacba0f57915c13a4ac7b571e0b504ad0df49a3efe707716cceea844728ac2e
                                                                                                                                • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                                • Instruction Fuzzy Hash: F6F05CB164421017DF268A449CC0F77BBDDCB87314F091466E84553287D2A15844C3E9
                                                                                                                                Function 00628220 Relevance: .0, Instructions: 32COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 45c2788793ddb6db4dfb2566b3e50ac533db9971887100e7ca74940d4e81ad6d
                                                                                                                                • Instruction ID: b10f9d83ac487a65112d88ce91615f206b74e5bf64772dd20aa421ecf35a357a
                                                                                                                                • Opcode Fuzzy Hash: 45c2788793ddb6db4dfb2566b3e50ac533db9971887100e7ca74940d4e81ad6d
                                                                                                                                • Instruction Fuzzy Hash: CE01E4B0410B009FC360EF29C445757BBF8EB08714F004A1DE8AECB680D770A5448B82
                                                                                                                                Function 00631440 Relevance: .0, Instructions: 21COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                                • Instruction ID: eed6dbfafd85cad8e0e081b60b4e6224d124a55208035357822563240468dcb2
                                                                                                                                • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                                • Instruction Fuzzy Hash: 76D0A731608321469F748E19A4009B7F7F1EAC7B11F49955EF586E7249D230DC41C2E9
                                                                                                                                Function 00601ACD Relevance: .0, Instructions: 14COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 535e2427a03be287b49ba16e09b970a042932eac37791fef7638901bf6c82ae3
                                                                                                                                • Instruction ID: 8d3998e1bf41277bdd0033ae498147c8d297ae0dd9c649902858eed16dfa82d5
                                                                                                                                • Opcode Fuzzy Hash: 535e2427a03be287b49ba16e09b970a042932eac37791fef7638901bf6c82ae3
                                                                                                                                • Instruction Fuzzy Hash: 63C01238A980008BC3088F40BC96A32A2FAA307308B00B02ADA02E7263CA20C4128A09
                                                                                                                                Function 00636094 Relevance: .0, Instructions: 12COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 82ce178a2d21315544e026f587703d02069579350ffa8482e8e9cabe318fe8e4
                                                                                                                                • Instruction ID: 34b6993557a052428fe97ed8c457b8023580df60a45e3f2f0444d8091269660f
                                                                                                                                • Opcode Fuzzy Hash: 82ce178a2d21315544e026f587703d02069579350ffa8482e8e9cabe318fe8e4
                                                                                                                                • Instruction Fuzzy Hash: 07C04838A6C01086A208CE08A951A75E2ABDABBA18A24B11EC806233AAC124D512995C
                                                                                                                                Function 00601A3C Relevance: .0, Instructions: 12COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d28a711b48f3329f18070b8c28da4db53eeb7d2b97446fc2d87c9d2c997d93e6
                                                                                                                                • Instruction ID: 36b9b780470be6d6c34793b9f8b7d804fb251b944e45b1efe57d36ba0f315ee4
                                                                                                                                • Opcode Fuzzy Hash: d28a711b48f3329f18070b8c28da4db53eeb7d2b97446fc2d87c9d2c997d93e6
                                                                                                                                • Instruction Fuzzy Hash: 59C04C24F990408AC3488F85A891532A2EA5307208F10703A9612EB263C560D4158649
                                                                                                                                Function 00635FD6 Relevance: .0, Instructions: 11COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2079521912.00000000005F1000.00000040.00000001.01000000.00000003.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2079501542.00000000005F0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079562666.0000000000650000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079580307.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079680739.00000000007AB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079695821.00000000007AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007C8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079714038.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079744745.00000000007DA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079757474.00000000007DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079777162.00000000007EE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079792089.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079805508.00000000007F2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079818695.00000000007F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2079967619.0000000000806000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080002901.0000000000807000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080038847.000000000080F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080063352.0000000000817000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080082967.000000000082E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080098321.0000000000835000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080114589.0000000000842000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080129291.0000000000847000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080143233.0000000000848000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080157284.000000000084A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080173733.0000000000859000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080188147.000000000085A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080203252.0000000000861000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080218187.0000000000866000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080232178.0000000000867000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080246718.000000000086A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080260325.000000000086B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080275254.0000000000874000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080294014.000000000088A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080308253.000000000088C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080323607.0000000000897000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.0000000000898000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080338930.00000000008B3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080378790.00000000008DF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080395431.00000000008E0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080410134.00000000008E7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080444212.00000000008F6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2080459304.00000000008F7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_5f0000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 1023a2f98541502664c9f1e656cb90502a1515722be5c6270a79a24240e8bae7
                                                                                                                                • Instruction ID: 38d064907f96d93f7058402d26b832c8a5765552f40287c3030b18b10e6e64b9
                                                                                                                                • Opcode Fuzzy Hash: 1023a2f98541502664c9f1e656cb90502a1515722be5c6270a79a24240e8bae7
                                                                                                                                • Instruction Fuzzy Hash: 8EC09228B680108BA34CCF18DD51A35F2BBDBBBA18B24B12DC806A3356D134D512860C