Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1541927
MD5:7711aa717f53e25ed39efd67f8181428
SHA1:cb198100d357ed8ad8d4875ff8910a7133883be4
SHA256:8c1c7ea4f6655487686342d67f7393aa572881283616134ff39bab5a470fca47
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 2872 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 7711AA717F53E25ED39EFD67F8181428)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["dissapoiznw.store", "mobbipenju.store", "bathdoomgaz.store", "clearancek.site", "spirittunek.store", "licendfilteo.site", "studennotediw.store", "eaglepawnoy.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-25T10:27:02.738048+020020564771Domain Observed Used for C2 Detected192.168.2.6645761.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-25T10:27:02.425727+020020564711Domain Observed Used for C2 Detected192.168.2.6494601.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-25T10:27:02.656424+020020564811Domain Observed Used for C2 Detected192.168.2.6513571.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-25T10:27:02.484690+020020564831Domain Observed Used for C2 Detected192.168.2.6539931.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-25T10:27:02.762256+020020564731Domain Observed Used for C2 Detected192.168.2.6499231.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-25T10:27:02.443939+020020564851Domain Observed Used for C2 Detected192.168.2.6513861.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-25T10:27:02.749805+020020564751Domain Observed Used for C2 Detected192.168.2.6551101.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-25T10:27:02.724984+020020564791Domain Observed Used for C2 Detected192.168.2.6590711.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-25T10:27:04.329239+020028586661Domain Observed Used for C2 Detected192.168.2.649709104.102.49.254443TCP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus / Scanner detection for submitted sample
    Source: file.exeAvira: detected
    Found malware configuration
    Source: file.exe.2872.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["dissapoiznw.store", "mobbipenju.store", "bathdoomgaz.store", "clearancek.site", "spirittunek.store", "licendfilteo.site", "studennotediw.store", "eaglepawnoy.store"], "Build id": "4SD0y4--legendaryy"}
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Machine Learning detection for sample
    Source: file.exeJoe Sandbox ML: detected
    Sample uses string decryption to hide its real strings
    Source: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpString decryptor: licendfilteo.site
    Source: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpString decryptor: spirittunek.store
    Source: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpString decryptor: bathdoomgaz.store
    Source: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpString decryptor: studennotediw.store
    Source: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpString decryptor: dissapoiznw.store
    Source: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpString decryptor: eaglepawnoy.store
    Source: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpString decryptor: mobbipenju.store
    Source: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49709 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00FA50FA
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00F6D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00F6D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_00FA63B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00FA5700
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_00FA99D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h0_2_00FA695B
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]0_2_00F6FCA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_00F70EEC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00FA6094
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00FA4040
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then dec ebx0_2_00F9F030
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00F76F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, dword ptr [edx]0_2_00F61000
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_00F8D1E1
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00F742FC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_00F82260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [esi], ax0_2_00F82260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_00F923E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_00F923E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_00F923E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], al0_2_00F923E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_00F923E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+14h]0_2_00F923E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, eax0_2_00F6A300
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_00FA64B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_00F8C470
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00F7D457
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]0_2_00FA1440
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 00000000h0_2_00F7B410
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_00F8E40C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]0_2_00F68590
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00F76536
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh0_2_00FA7520
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00F89510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_00F8E66A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_00F9B650
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]0_2_00FA67EF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_00F8D7AF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [edi+eax]0_2_00FA7710
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_00F828E9
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_00F649A0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h0_2_00F7D961
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h0_2_00FA3920
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00F71ACD
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_00F65A50
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00FA4A40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00F71A3C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00F73BE2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00F71BEE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_00F90B80
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+000006B8h]0_2_00F7DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h0_2_00F7DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_00FA9B60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00FA9CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh0_2_00FA9CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h0_2_00F8CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00F8CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h0_2_00F8CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00F8AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], ax0_2_00F8AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [eax+esi+02h], 0000h0_2_00F8EC48
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh0_2_00F9FC20
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h0_2_00F87C00
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00FA8D8A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_00F8DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh0_2_00F8FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [ebp+00h]0_2_00F6BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ebx], 00000000h0_2_00F76EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]0_2_00F66EA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00F71E93
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00F85E70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00F87E60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, word ptr [ecx]0_2_00F8AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edi, ecx0_2_00F74E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00F68FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], 0000h0_2_00F7FFDF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00FA5FD6
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h0_2_00FA7FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00FA7FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00F76F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00F9FF70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00F89F62

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.6:51386 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.6:49460 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.6:59071 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.6:51357 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.6:64576 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.6:55110 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.6:49923 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.6:53993 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49709 -> 104.102.49.254:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: dissapoiznw.store
    Source: Malware configuration extractorURLs: mobbipenju.store
    Source: Malware configuration extractorURLs: bathdoomgaz.store
    Source: Malware configuration extractorURLs: clearancek.site
    Source: Malware configuration extractorURLs: spirittunek.store
    Source: Malware configuration extractorURLs: licendfilteo.site
    Source: Malware configuration extractorURLs: studennotediw.store
    Source: Malware configuration extractorURLs: eaglepawnoy.store
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewASN Name: AKAMAI-ASUS AKAMAI-ASUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://sto# equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: owered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://wwVq equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: clearancek.site
    Source: global trafficDNS traffic detected: DNS query: mobbipenju.store
    Source: global trafficDNS traffic detected: DNS query: eaglepawnoy.store
    Source: global trafficDNS traffic detected: DNS query: dissapoiznw.store
    Source: global trafficDNS traffic detected: DNS query: studennotediw.store
    Source: global trafficDNS traffic detected: DNS query: bathdoomgaz.store
    Source: global trafficDNS traffic detected: DNS query: spirittunek.store
    Source: global trafficDNS traffic detected: DNS query: licendfilteo.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: global trafficDNS traffic detected: DNS query: sergei-esenin.com
    Source: file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2156945388.00000000013C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157162034.0000000001429000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2156945388.00000000013C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2156945388.00000000013C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157162034.0000000001429000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: file.exe, 00000000.00000003.2155653537.00000000013C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.cloudflare.sT
    Source: file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8d
    Source: file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
    Source: file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
    Source: file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: file.exe, 00000000.00000003.2136180255.00000000013C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clearancek.site/
    Source: file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155653537.00000000013C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX
    Source: file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157162034.0000000001429000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am
    Source: file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157162034.0000000001429000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=bZKSp7oNwVPK
    Source: file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157162034.0000000001429000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4B
    Source: file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli
    Source: file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157162034.0000000001429000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1&
    Source: file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157162034.0000000001429000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=gNE3gksLVEVa&l=en
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155653537.00000000013C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001431000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155653537.00000000013C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155653537.00000000013C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155653537.00000000013C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BX
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155653537.00000000013C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=UuGFpt56D9L4&l=
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=engli
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=KkhJqW2NGKiM&l=engli
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=GfA42_x2_aub&
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=qYlgdgWOD4Ng&amp
    Source: file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157162034.0000000001429000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl
    Source: file.exe, 00000000.00000002.2157162034.0000000001429000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=
    Source: file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157162034.0000000001429000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&
    Source: file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157162034.0000000001429000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1
    Source: file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp
    Source: file.exe, 00000000.00000003.2138282831.00000000013C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dissapoiznw.store/
    Source: file.exe, 00000000.00000003.2138282831.00000000013C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dissapoiznw.store/7
    Source: file.exe, 00000000.00000003.2138282831.00000000013C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dissapoiznw.store/O?1
    Source: file.exe, 00000000.00000003.2138282831.00000000013C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dissapoiznw.store/W?
    Source: file.exe, 00000000.00000003.2138282831.00000000013C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dissapoiznw.store/api
    Source: file.exe, 00000000.00000003.2138282831.00000000013C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dissapoiznw.store/apih8
    Source: file.exe, 00000000.00000003.2137273878.00000000013C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eaglepawnoy.store/
    Source: file.exe, 00000000.00000003.2137273878.00000000013C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eaglepawnoy.store/W?
    Source: file.exe, 00000000.00000003.2138282831.00000000013C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137273878.00000000013C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eaglepawnoy.store/_?
    Source: file.exe, 00000000.00000003.2137273878.00000000013C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eaglepawnoy.store/api
    Source: file.exe, 00000000.00000003.2137273878.00000000013C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eaglepawnoy.store/g?
    Source: file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: file.exe, 00000000.00000003.2138282831.00000000013C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2136180255.00000000013C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137273878.00000000013C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mobbipenju.store/
    Source: file.exe, 00000000.00000003.2136180255.00000000013C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mobbipenju.store/W?
    Source: file.exe, 00000000.00000003.2137273878.00000000013C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mobbipenju.store/api
    Source: file.exe, 00000000.00000003.2136180255.00000000013C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mobbipenju.store/g?
    Source: file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2156945388.00000000013AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/
    Source: file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api
    Source: file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api2
    Source: file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/apiA
    Source: file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/r
    Source: file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akama
    Source: file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: file.exe, 00000000.00000003.2155653537.00000000013C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geona
    Source: file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2156945388.00000000013C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: file.exe, 00000000.00000002.2156945388.00000000013C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155653537.00000000013C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: file.exe, 00000000.00000002.2156945388.00000000013C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155653537.00000000013C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001431000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001431000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155653537.00000000013C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C42cb6563c5fec81
    Source: file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2156945388.00000000013C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptc
    Source: file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49709 version: TLS 1.2

    System Summary

    barindex
    PE file contains section with special chars
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F702280_2_00F70228
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011251330_2_01125133
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FAA0D00_2_00FAA0D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011201690_2_01120169
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010761B10_2_010761B1
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA40400_2_00FA4040
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F720300_2_00F72030
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F610000_2_00F61000
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011020150_2_01102015
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F671F00_2_00F671F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F6E1A00_2_00F6E1A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F651600_2_00F65160
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F612F70_2_00F612F7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F982D00_2_00F982D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F912D00_2_00F912D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010A237C0_2_010A237C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F923E00_2_00F923E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F613A30_2_00F613A3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F6B3A00_2_00F6B3A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F6A3000_2_00F6A300
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F964F00_2_00F964F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010F65140_2_010F6514
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F7049B0_2_00F7049B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F744870_2_00F74487
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F8C4700_2_00F8C470
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F7C5F00_2_00F7C5F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F635B00_2_00F635B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F685900_2_00F68590
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011237130_2_01123713
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA86F00_2_00FA86F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0109C7750_2_0109C775
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA86520_2_00FA8652
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F6164F0_2_00F6164F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F9F6200_2_00F9F620
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0111E69A0_2_0111E69A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F9B8C00_2_00F9B8C0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F9E8A00_2_00F9E8A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F918600_2_00F91860
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F6A8500_2_00F6A850
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA89A00_2_00FA89A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F8098B0_2_00F8098B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0112D8AA0_2_0112D8AA
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA7AB00_2_00FA7AB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0112BB5E0_2_0112BB5E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA8A800_2_00FA8A80
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA4A400_2_00FA4A40
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F67BF00_2_00F67BF0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01104A230_2_01104A23
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F7DB6F0_2_00F7DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F8CCD00_2_00F8CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA6CBF0_2_00FA6CBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA8C020_2_00FA8C02
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01126C020_2_01126C02
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F88D620_2_00F88D62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F8DD290_2_00F8DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F8FD100_2_00F8FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F6BEB00_2_00F6BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F76EBF0_2_00F76EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C8F7A0_2_010C8F7A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA8E700_2_00FA8E70
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F8AE570_2_00F8AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F74E2A0_2_00F74E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F68FD00_2_00F68FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA7FC00_2_00FA7FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010DBEA80_2_010DBEA8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F6AF100_2_00F6AF10
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00F7D300 appears 152 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00F6CAA0 appears 48 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exeStatic PE information: Section: ZLIB complexity 0.9993489583333334
    Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@10/1
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F98220 CoCreateInstance,0_2_00F98220
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: file.exeStatic file information: File size 2884096 > 1048576
    Source: file.exeStatic PE information: Raw size of fwrqiggf is bigger than: 0x100000 < 0x296a00

    Data Obfuscation

    barindex
    Detected unpacking (changes PE section rights)
    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.f60000.0.unpack :EW;.rsrc :W;.idata :W;fwrqiggf:EW;fcahcrnz:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;fwrqiggf:EW;fcahcrnz:EW;.taggant:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
    Source: file.exeStatic PE information: real checksum: 0x2cfd0e should be: 0x2ce0ee
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name: fwrqiggf
    Source: file.exeStatic PE information: section name: fcahcrnz
    Source: file.exeStatic PE information: section name: .taggant
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push eax; mov dword ptr [esp], esi0_2_011251CA
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push esi; mov dword ptr [esp], ebp0_2_0112523E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push edx; mov dword ptr [esp], 00000000h0_2_01125364
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push ebp; mov dword ptr [esp], edx0_2_011254FF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push 1A653A26h; mov dword ptr [esp], ebx0_2_01125530
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push ebp; mov dword ptr [esp], eax0_2_0112554F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push ecx; mov dword ptr [esp], 6CB3696Bh0_2_01125613
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push ebp; mov dword ptr [esp], 4EF60048h0_2_0112561E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push edi; mov dword ptr [esp], esi0_2_01125631
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push 7CF0E324h; mov dword ptr [esp], ebx0_2_01125699
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push 57599521h; mov dword ptr [esp], ecx0_2_01125732
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push ecx; mov dword ptr [esp], edx0_2_01125770
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push 533490A7h; mov dword ptr [esp], esi0_2_01125829
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push 29A7034Bh; mov dword ptr [esp], edx0_2_01125845
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push 43DEEE13h; mov dword ptr [esp], ebp0_2_01125899
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push eax; mov dword ptr [esp], 73C76D00h0_2_011258A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push edi; mov dword ptr [esp], edx0_2_01125965
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push 39F8EB48h; mov dword ptr [esp], ebp0_2_01125A6C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push ebp; mov dword ptr [esp], edx0_2_01125B11
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push eax; mov dword ptr [esp], 2CF48CA4h0_2_01125B49
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push 54EFA8FDh; mov dword ptr [esp], ebp0_2_01125BAB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push esi; mov dword ptr [esp], 15471CA7h0_2_01125C00
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push 150DDE23h; mov dword ptr [esp], edi0_2_01125CF3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push 0100CE99h; mov dword ptr [esp], eax0_2_01125D31
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push eax; mov dword ptr [esp], 5FF880DAh0_2_01125D44
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push 231FA87Eh; mov dword ptr [esp], ecx0_2_01125D87
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push edx; mov dword ptr [esp], eax0_2_01125DD8
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push edx; mov dword ptr [esp], 7F3B2202h0_2_01125E6E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push edx; mov dword ptr [esp], eax0_2_01125E87
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push ecx; mov dword ptr [esp], eax0_2_01125EB6
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01125133 push 1EED9DFDh; mov dword ptr [esp], esi0_2_01125EDD
    Source: file.exeStatic PE information: section name: entropy: 7.973968269527451

    Boot Survival

    barindex
    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior

    Malware Analysis System Evasion

    barindex
    Tries to detect sandboxes / dynamic malware analysis system (registry check)
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1133D2C second address: 1133D30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1133D30 second address: 1133D3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F065450A806h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 112B6E7 second address: 112B6ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1132F03 second address: 1132F08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1132F08 second address: 1132F45 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F0654B82246h 0x00000009 jmp 00007F0654B82257h 0x0000000e jmp 00007F0654B82259h 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11330C9 second address: 11330CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1133394 second address: 11333BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 jmp 00007F0654B8224Ah 0x0000000a pop edi 0x0000000b jbe 00007F0654B8225Ch 0x00000011 jmp 00007F0654B82250h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1133504 second address: 113350B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 113350B second address: 113351A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 jno 00007F0654B82246h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 113351A second address: 113353B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F065450A810h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d ja 00007F065450A80Eh 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1136174 second address: 11361CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F0654B8224Ah 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007F0654B82248h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 00000014h 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 call 00007F0654B82251h 0x0000002d xor ch, FFFFFFC5h 0x00000030 pop esi 0x00000031 push 00000000h 0x00000033 mov cx, si 0x00000036 push 21CC3187h 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e pushad 0x0000003f popad 0x00000040 jnl 00007F0654B82246h 0x00000046 popad 0x00000047 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11361CE second address: 1136222 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F065450A806h 0x00000009 jl 00007F065450A806h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 xor dword ptr [esp], 21CC3107h 0x00000019 call 00007F065450A80Dh 0x0000001e call 00007F065450A80Ch 0x00000023 pop edi 0x00000024 pop edi 0x00000025 push 00000003h 0x00000027 mov ecx, dword ptr [ebp+122D1E03h] 0x0000002d push 00000000h 0x0000002f mov dh, 82h 0x00000031 push 00000003h 0x00000033 movzx esi, cx 0x00000036 push 6C7A5E34h 0x0000003b push edi 0x0000003c pushad 0x0000003d jnp 00007F065450A806h 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1136222 second address: 1136251 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 add dword ptr [esp], 5385A1CCh 0x0000000d lea ebx, dword ptr [ebp+12445D6Bh] 0x00000013 add ecx, 2C60C68Ah 0x00000019 xchg eax, ebx 0x0000001a pushad 0x0000001b jg 00007F0654B8224Ch 0x00000021 jc 00007F0654B8224Ch 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1154D38 second address: 1154D3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1154D3C second address: 1154D55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F0654B82253h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1154EE6 second address: 1154F16 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F065450A815h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F065450A80Fh 0x0000000f push edx 0x00000010 pop edx 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1154F16 second address: 1154F1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1155081 second address: 11550AD instructions: 0x00000000 rdtsc 0x00000002 jne 00007F065450A806h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F065450A810h 0x00000011 jmp 00007F065450A810h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1155316 second address: 115533E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F0654B82246h 0x0000000a jns 00007F0654B82246h 0x00000010 jmp 00007F0654B82257h 0x00000015 popad 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115533E second address: 115535A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F065450A816h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115535A second address: 115535E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115535E second address: 115537B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 jmp 00007F065450A811h 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11554C4 second address: 11554C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11554C8 second address: 11554CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1155629 second address: 115562D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115562D second address: 1155631 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1155631 second address: 1155639 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1155639 second address: 1155650 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F065450A80Ch 0x00000008 pushad 0x00000009 jnl 00007F065450A806h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1155650 second address: 1155684 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0654B82251h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007F0654B82257h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1155684 second address: 115568A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115568A second address: 115568F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115568F second address: 11556C2 instructions: 0x00000000 rdtsc 0x00000002 je 00007F065450A82Bh 0x00000008 jmp 00007F065450A80Dh 0x0000000d jmp 00007F065450A818h 0x00000012 push eax 0x00000013 push edx 0x00000014 push edx 0x00000015 pop edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115583C second address: 1155842 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1155842 second address: 1155848 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1155848 second address: 1155872 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0654B82255h 0x00000008 jmp 00007F0654B82250h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1155872 second address: 1155878 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1155878 second address: 1155882 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11559EA second address: 11559FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F065450A806h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11559FB second address: 1155A01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1155A01 second address: 1155A11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007F065450A806h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1155A11 second address: 1155A27 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0654B82252h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1155A27 second address: 1155A31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1155A31 second address: 1155A35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1155A35 second address: 1155A3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1155D40 second address: 1155D4A instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0654B82246h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1155D4A second address: 1155D8A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F065450A819h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F065450A80Ch 0x00000011 jmp 00007F065450A814h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1155D8A second address: 1155DA5 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0654B82246h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F0654B8224Ch 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1155DA5 second address: 1155DC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 jmp 00007F065450A816h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1155DC4 second address: 1155DCE instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0654B82246h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1155F33 second address: 1155F88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jng 00007F065450A806h 0x0000000e push edi 0x0000000f pop edi 0x00000010 popad 0x00000011 pop ecx 0x00000012 pushad 0x00000013 push ebx 0x00000014 jmp 00007F065450A812h 0x00000019 pop ebx 0x0000001a push ecx 0x0000001b jmp 00007F065450A80Fh 0x00000020 pop ecx 0x00000021 jmp 00007F065450A815h 0x00000026 je 00007F065450A80Ch 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 111C764 second address: 111C76A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1156AB2 second address: 1156AB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1156AB6 second address: 1156ABA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1156ABA second address: 1156AC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1156F4E second address: 1156F54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1156F54 second address: 1156F68 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F065450A810h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1156F68 second address: 1156F8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0654B82251h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0654B8224Ch 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1156F8D second address: 1156F91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 111C755 second address: 111C764 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F0654B82246h 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115CC1C second address: 115CC20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115CC20 second address: 115CC2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 pushad 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115C0F8 second address: 115C0FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115C0FD second address: 115C107 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F0654B82246h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115D2C8 second address: 115D2DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F065450A80Ah 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115D2DD second address: 115D2E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115D2E2 second address: 115D300 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F065450A80Dh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 pop ebx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115D300 second address: 115D31A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F0654B8224Dh 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115D31A second address: 115D31F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115D31F second address: 115D32A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F0654B82246h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115D32A second address: 115D347 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007F065450A80Ch 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11659C5 second address: 11659CB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11659CB second address: 1165A24 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F065450A806h 0x00000009 jmp 00007F065450A817h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 add dword ptr [esp], 7F53EB71h 0x00000018 mov si, 0D42h 0x0000001c add esi, dword ptr [ebp+122D2B64h] 0x00000022 call 00007F065450A809h 0x00000027 push eax 0x00000028 push edx 0x00000029 push esi 0x0000002a jmp 00007F065450A818h 0x0000002f pop esi 0x00000030 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1165A24 second address: 1165A33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop eax 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1165A33 second address: 1165A39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1165A39 second address: 1165A88 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F0654B82246h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push edi 0x00000011 jmp 00007F0654B82252h 0x00000016 pop edi 0x00000017 mov eax, dword ptr [eax] 0x00000019 jmp 00007F0654B8224Ah 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F0654B82259h 0x00000029 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1166055 second address: 1166059 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1166734 second address: 116674C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jp 00007F0654B82246h 0x00000011 je 00007F0654B82246h 0x00000017 popad 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1166CDD second address: 1166CE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1166CE1 second address: 1166CFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0654B82257h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1168D77 second address: 1168D7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116845B second address: 1168461 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1168D7B second address: 1168D85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1168461 second address: 116846B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F0654B82246h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1168D85 second address: 1168D89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116846B second address: 116846F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1168D89 second address: 1168DB1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push edx 0x0000000a jo 00007F065450A806h 0x00000010 pop edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F065450A815h 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1168DB1 second address: 1168DB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11697BB second address: 11697C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116AE51 second address: 116AE6E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0654B82250h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116C412 second address: 116C417 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116C417 second address: 116C41D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116C41D second address: 116C49A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push esi 0x0000000a jne 00007F065450A808h 0x00000010 pop esi 0x00000011 nop 0x00000012 cmc 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push ebp 0x00000018 call 00007F065450A808h 0x0000001d pop ebp 0x0000001e mov dword ptr [esp+04h], ebp 0x00000022 add dword ptr [esp+04h], 00000019h 0x0000002a inc ebp 0x0000002b push ebp 0x0000002c ret 0x0000002d pop ebp 0x0000002e ret 0x0000002f sub dword ptr [ebp+124586C1h], edx 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push eax 0x0000003a call 00007F065450A808h 0x0000003f pop eax 0x00000040 mov dword ptr [esp+04h], eax 0x00000044 add dword ptr [esp+04h], 00000015h 0x0000004c inc eax 0x0000004d push eax 0x0000004e ret 0x0000004f pop eax 0x00000050 ret 0x00000051 mov esi, 5CA1AD28h 0x00000056 xchg eax, ebx 0x00000057 jmp 00007F065450A813h 0x0000005c push eax 0x0000005d push edi 0x0000005e pushad 0x0000005f push edi 0x00000060 pop edi 0x00000061 push eax 0x00000062 push edx 0x00000063 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1129B69 second address: 1129B6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1129B6F second address: 1129B81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F065450A80Ch 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1171C33 second address: 1171C37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1171C37 second address: 1171C45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F065450A80Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1173C44 second address: 1173C50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F0654B82246h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1173C50 second address: 1173C54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1173C54 second address: 1173C58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1173C58 second address: 1173C5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1173C5E second address: 1173C71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F0654B82283h 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1173C71 second address: 1173C89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F065450A80Ah 0x00000009 jg 00007F065450A806h 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11742E9 second address: 1174306 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0654B82259h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1170E52 second address: 1170F01 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F065450A816h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 mov dword ptr [ebp+122D30DBh], ecx 0x00000016 push dword ptr fs:[00000000h] 0x0000001d jmp 00007F065450A814h 0x00000022 mov dword ptr fs:[00000000h], esp 0x00000029 sbb di, 3B5Dh 0x0000002e mov eax, dword ptr [ebp+122D093Dh] 0x00000034 push 00000000h 0x00000036 push esi 0x00000037 call 00007F065450A808h 0x0000003c pop esi 0x0000003d mov dword ptr [esp+04h], esi 0x00000041 add dword ptr [esp+04h], 00000018h 0x00000049 inc esi 0x0000004a push esi 0x0000004b ret 0x0000004c pop esi 0x0000004d ret 0x0000004e push FFFFFFFFh 0x00000050 push 00000000h 0x00000052 push ecx 0x00000053 call 00007F065450A808h 0x00000058 pop ecx 0x00000059 mov dword ptr [esp+04h], ecx 0x0000005d add dword ptr [esp+04h], 0000001Ah 0x00000065 inc ecx 0x00000066 push ecx 0x00000067 ret 0x00000068 pop ecx 0x00000069 ret 0x0000006a mov bh, 8Fh 0x0000006c mov di, 0935h 0x00000070 nop 0x00000071 push eax 0x00000072 push edx 0x00000073 jmp 00007F065450A80Eh 0x00000078 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1170F01 second address: 1170F1F instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0654B82248h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0654B8224Fh 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1171E7E second address: 1171E82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11754F3 second address: 11754F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11754F7 second address: 11754FD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11781ED second address: 11781F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1176431 second address: 117643B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F065450A806h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117643B second address: 1176441 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1176441 second address: 1176445 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11790F3 second address: 1179148 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F0654B8224Eh 0x0000000d nop 0x0000000e sub dword ptr [ebp+1244DCBCh], esi 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push edi 0x00000019 call 00007F0654B82248h 0x0000001e pop edi 0x0000001f mov dword ptr [esp+04h], edi 0x00000023 add dword ptr [esp+04h], 0000001Dh 0x0000002b inc edi 0x0000002c push edi 0x0000002d ret 0x0000002e pop edi 0x0000002f ret 0x00000030 mov bx, di 0x00000033 push 00000000h 0x00000035 cld 0x00000036 push eax 0x00000037 push eax 0x00000038 push edx 0x00000039 push esi 0x0000003a jg 00007F0654B82246h 0x00000040 pop esi 0x00000041 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1179148 second address: 117914D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117A10C second address: 117A111 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117E1A6 second address: 117E1AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117F2EB second address: 117F2F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117F2F1 second address: 117F369 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 jmp 00007F065450A80Ah 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007F065450A808h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 00000016h 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 mov bx, B500h 0x0000002d clc 0x0000002e push 00000000h 0x00000030 mov ebx, dword ptr [ebp+122D2B38h] 0x00000036 xchg eax, esi 0x00000037 pushad 0x00000038 jmp 00007F065450A812h 0x0000003d jnl 00007F065450A819h 0x00000043 popad 0x00000044 push eax 0x00000045 push eax 0x00000046 push edx 0x00000047 js 00007F065450A808h 0x0000004d pushad 0x0000004e popad 0x0000004f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117A31F second address: 117A324 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117B342 second address: 117B34C instructions: 0x00000000 rdtsc 0x00000002 jno 00007F065450A806h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117D2EA second address: 117D318 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F0654B8224Ch 0x0000000c js 00007F0654B82246h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F0654B82257h 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117D318 second address: 117D31C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118041C second address: 118043D instructions: 0x00000000 rdtsc 0x00000002 je 00007F0654B82256h 0x00000008 jmp 00007F0654B82250h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118043D second address: 1180441 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1180441 second address: 1180447 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1180447 second address: 11804B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jns 00007F065450A806h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e nop 0x0000000f mov ebx, edi 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push edx 0x00000016 call 00007F065450A808h 0x0000001b pop edx 0x0000001c mov dword ptr [esp+04h], edx 0x00000020 add dword ptr [esp+04h], 00000018h 0x00000028 inc edx 0x00000029 push edx 0x0000002a ret 0x0000002b pop edx 0x0000002c ret 0x0000002d xor dword ptr [ebp+1245676Bh], ebx 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push ebp 0x00000038 call 00007F065450A808h 0x0000003d pop ebp 0x0000003e mov dword ptr [esp+04h], ebp 0x00000042 add dword ptr [esp+04h], 0000001Dh 0x0000004a inc ebp 0x0000004b push ebp 0x0000004c ret 0x0000004d pop ebp 0x0000004e ret 0x0000004f mov dword ptr [ebp+12468452h], eax 0x00000055 xchg eax, esi 0x00000056 push ebx 0x00000057 pushad 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117F5A7 second address: 117F5AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11804B2 second address: 11804B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117F5AC second address: 117F5B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117F5B1 second address: 117F5B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118065E second address: 118067A instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0654B82246h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007F0654B8224Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118514A second address: 1185150 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11871FE second address: 118721D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F0654B82246h 0x0000000a pop ecx 0x0000000b pop edi 0x0000000c pushad 0x0000000d jc 00007F0654B8224Eh 0x00000013 pushad 0x00000014 popad 0x00000015 jnc 00007F0654B82246h 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118721D second address: 1187221 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1187221 second address: 1187225 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1187225 second address: 118724B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnp 00007F065450A814h 0x0000000e jmp 00007F065450A80Eh 0x00000013 push eax 0x00000014 push edx 0x00000015 jnp 00007F065450A806h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118724B second address: 118724F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118B673 second address: 118B67D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F065450A806h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118B67D second address: 118B681 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118B681 second address: 118B687 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118B687 second address: 118B69F instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0654B8224Ch 0x00000008 jne 00007F0654B82246h 0x0000000e push eax 0x0000000f push edx 0x00000010 jns 00007F0654B82246h 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118B821 second address: 118B859 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F065450A806h 0x0000000a pop edx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F065450A813h 0x00000013 pushad 0x00000014 jmp 00007F065450A813h 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b popad 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118B859 second address: 118B86D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F0654B8224Eh 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118BAFB second address: 118BAFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118BAFF second address: 118BB03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11903E0 second address: 119040C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jl 00007F065450A80Ah 0x0000000f push eax 0x00000010 pushad 0x00000011 popad 0x00000012 pop eax 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F065450A812h 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119040C second address: 1190420 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0654B8224Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1190420 second address: 1190424 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1190424 second address: 1190468 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0654B8224Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [eax] 0x0000000c jmp 00007F0654B82251h 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F0654B82259h 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1124C65 second address: 1124C75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F065450A806h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1126744 second address: 112674F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F0654B82246h 0x0000000a pop ebx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 112674F second address: 1126777 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F065450A81Bh 0x00000008 jmp 00007F065450A815h 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jns 00007F065450A806h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1126777 second address: 112677D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1195E0A second address: 1195E11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1195E11 second address: 1195E39 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F0654B8224Dh 0x0000000a pop edi 0x0000000b pushad 0x0000000c jmp 00007F0654B8224Ch 0x00000011 jnc 00007F0654B82246h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1195E39 second address: 1195E45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1195E45 second address: 1195E49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1195E49 second address: 1195E61 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F065450A80Ch 0x0000000c jnl 00007F065450A806h 0x00000012 push eax 0x00000013 push edx 0x00000014 push edx 0x00000015 pop edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1195E61 second address: 1195E6F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007F0654B82246h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11963CE second address: 11963D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11963D2 second address: 1196407 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0654B82246h 0x00000008 jmp 00007F0654B82257h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push esi 0x00000010 jc 00007F0654B82246h 0x00000016 jnc 00007F0654B82246h 0x0000001c pop esi 0x0000001d pop edi 0x0000001e push eax 0x0000001f push edx 0x00000020 push ecx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1196407 second address: 1196439 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F065450A818h 0x00000009 pop ecx 0x0000000a push esi 0x0000000b jmp 00007F065450A812h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1196439 second address: 119643E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1196580 second address: 1196593 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 pushad 0x00000007 push ecx 0x00000008 jno 00007F065450A806h 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1196593 second address: 1196597 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1196597 second address: 11965C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F065450A812h 0x0000000d jmp 00007F065450A812h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1196703 second address: 1196707 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1196707 second address: 119670E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119670E second address: 119671E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F0654B82246h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119671E second address: 1196750 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F065450A806h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F065450A819h 0x00000014 push eax 0x00000015 push edx 0x00000016 je 00007F065450A806h 0x0000001c push edi 0x0000001d pop edi 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1196750 second address: 1196764 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0654B82250h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11968BC second address: 11968C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11968C0 second address: 11968F5 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0654B82246h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f jmp 00007F0654B8224Eh 0x00000014 pop eax 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 jmp 00007F0654B82253h 0x0000001d popad 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1196BAA second address: 1196BAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1196BAE second address: 1196BC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F0654B8224Bh 0x0000000e pop eax 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1196BC3 second address: 1196BDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F065450A815h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119B7E7 second address: 119B7FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0654B82252h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119B7FD second address: 119B80E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 jnc 00007F065450A820h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119B80E second address: 119B814 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1164444 second address: 116444A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116444A second address: 116444F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116444F second address: 1164455 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1164455 second address: 1164459 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1164459 second address: 114A502 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push eax 0x0000000c mov dword ptr [ebp+122D2F7Ch], esi 0x00000012 pop edx 0x00000013 lea eax, dword ptr [ebp+12474226h] 0x00000019 mov edi, dword ptr [ebp+122D2D5Ch] 0x0000001f ja 00007F065450A80Ch 0x00000025 push eax 0x00000026 push esi 0x00000027 push eax 0x00000028 jnl 00007F065450A806h 0x0000002e pop eax 0x0000002f pop esi 0x00000030 mov dword ptr [esp], eax 0x00000033 push 00000000h 0x00000035 push edi 0x00000036 call 00007F065450A808h 0x0000003b pop edi 0x0000003c mov dword ptr [esp+04h], edi 0x00000040 add dword ptr [esp+04h], 0000001Bh 0x00000048 inc edi 0x00000049 push edi 0x0000004a ret 0x0000004b pop edi 0x0000004c ret 0x0000004d jmp 00007F065450A817h 0x00000052 mov edx, 30F5E46Eh 0x00000057 call dword ptr [ebp+122D2800h] 0x0000005d push eax 0x0000005e push edx 0x0000005f pushad 0x00000060 pushad 0x00000061 popad 0x00000062 push eax 0x00000063 pop eax 0x00000064 pushad 0x00000065 popad 0x00000066 jc 00007F065450A806h 0x0000006c popad 0x0000006d jmp 00007F065450A816h 0x00000072 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11645A2 second address: 116465D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0654B82255h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xchg eax, ebx 0x0000000b movzx edi, dx 0x0000000e push dword ptr fs:[00000000h] 0x00000015 and ch, 0000000Ah 0x00000018 mov dword ptr fs:[00000000h], esp 0x0000001f mov edx, 737862E7h 0x00000024 mov edi, dword ptr [ebp+122D2F3Bh] 0x0000002a mov dword ptr [ebp+1247427Eh], esp 0x00000030 push 00000000h 0x00000032 push ebp 0x00000033 call 00007F0654B82248h 0x00000038 pop ebp 0x00000039 mov dword ptr [esp+04h], ebp 0x0000003d add dword ptr [esp+04h], 0000001Ch 0x00000045 inc ebp 0x00000046 push ebp 0x00000047 ret 0x00000048 pop ebp 0x00000049 ret 0x0000004a mov ecx, dword ptr [ebp+122D2CC4h] 0x00000050 cmp dword ptr [ebp+122D2D14h], 00000000h 0x00000057 jne 00007F0654B822DCh 0x0000005d mov edx, dword ptr [ebp+122D270Dh] 0x00000063 mov byte ptr [ebp+122D2F14h], 00000047h 0x0000006a push 00000000h 0x0000006c push ebp 0x0000006d call 00007F0654B82248h 0x00000072 pop ebp 0x00000073 mov dword ptr [esp+04h], ebp 0x00000077 add dword ptr [esp+04h], 0000001Ah 0x0000007f inc ebp 0x00000080 push ebp 0x00000081 ret 0x00000082 pop ebp 0x00000083 ret 0x00000084 mov ecx, 118A43E1h 0x00000089 mov eax, D49AA7D2h 0x0000008e mov dword ptr [ebp+122D1E08h], ebx 0x00000094 push eax 0x00000095 push edi 0x00000096 push edi 0x00000097 push eax 0x00000098 push edx 0x00000099 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116489E second address: 11648A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1164991 second address: 11649AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0654B82256h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116564C second address: 1165650 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1165650 second address: 1165684 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0654B82246h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c mov dx, ax 0x0000000f lea eax, dword ptr [ebp+12474226h] 0x00000015 call 00007F0654B82251h 0x0000001a sub dword ptr [ebp+12468C9Eh], ebx 0x00000020 pop ecx 0x00000021 nop 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 push edx 0x00000027 pop edx 0x00000028 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1165684 second address: 116568E instructions: 0x00000000 rdtsc 0x00000002 jng 00007F065450A806h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 116568E second address: 11656AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnp 00007F0654B82246h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 pushad 0x00000011 jp 00007F0654B82246h 0x00000017 push edx 0x00000018 pop edx 0x00000019 popad 0x0000001a pushad 0x0000001b pushad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119F998 second address: 119F9DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F065450A80Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007F065450A812h 0x00000011 jl 00007F065450A806h 0x00000017 ja 00007F065450A806h 0x0000001d popad 0x0000001e jmp 00007F065450A810h 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A01F2 second address: 11A01F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A034C second address: 11A035E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F065450A80Eh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A035E second address: 11A0378 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0654B82246h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push edi 0x0000000e pop edi 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A0378 second address: 11A037C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A037C second address: 11A0382 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A0382 second address: 11A0387 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A4A3E second address: 11A4A4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007F0654B82246h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A4A4D second address: 11A4A51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A4A51 second address: 11A4A57 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A4BD9 second address: 11A4BDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A4BDD second address: 11A4C06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0654B8224Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b ja 00007F0654B82252h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A4C06 second address: 11A4C0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A4D7E second address: 11A4DBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0654B82259h 0x00000009 push ebx 0x0000000a jmp 00007F0654B82256h 0x0000000f pushad 0x00000010 popad 0x00000011 pop ebx 0x00000012 push esi 0x00000013 jnc 00007F0654B82246h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A51BF second address: 11A51C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A543F second address: 11A5444 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A5444 second address: 11A5449 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A5839 second address: 11A5844 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AAFE1 second address: 11AB00E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F065450A818h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F065450A80Fh 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AB00E second address: 11AB027 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0654B82252h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A9CF6 second address: 11A9D0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jbe 00007F065450A806h 0x0000000c jmp 00007F065450A80Dh 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A9E76 second address: 11A9E82 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007F0654B82246h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A9E82 second address: 11A9EA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jbe 00007F065450A806h 0x00000009 pop eax 0x0000000a jnc 00007F065450A812h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 js 00007F065450A80Ch 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A9EA9 second address: 11A9EB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jc 00007F0654B82246h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AA4B6 second address: 11AA4BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop ebx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AA8B0 second address: 11AA8B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AA8B8 second address: 11AA8BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AAA34 second address: 11AAA3A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AAA3A second address: 11AAA40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AAD00 second address: 11AAD06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AAD06 second address: 11AAD0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B07F9 second address: 11B0830 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F0654B82254h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c push esi 0x0000000d pop esi 0x0000000e jmp 00007F0654B82255h 0x00000013 pop esi 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B0830 second address: 11B0834 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B0834 second address: 11B0838 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B3063 second address: 11B3068 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B3068 second address: 11B308E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0654B82256h 0x00000008 push eax 0x00000009 pop eax 0x0000000a js 00007F0654B82246h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B308E second address: 11B3094 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B3094 second address: 11B3098 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B832A second address: 11B832E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B7DB0 second address: 11B7DB6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B7DB6 second address: 11B7DBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BAEDF second address: 11BAEE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BA73C second address: 11BA746 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F065450A806h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BA88F second address: 11BA893 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BAB98 second address: 11BABC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F065450A811h 0x00000009 popad 0x0000000a jmp 00007F065450A80Fh 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BABC1 second address: 11BABC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BABC5 second address: 11BABC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BABC9 second address: 11BABEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 je 00007F0654B82246h 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F0654B82252h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BABEF second address: 11BABF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C0CEA second address: 11C0CEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C0FB7 second address: 11C0FBE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C0FBE second address: 11C0FC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C0FC9 second address: 11C0FCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C0FCD second address: 11C0FEF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0654B82257h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C0FEF second address: 11C0FF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C0FF3 second address: 11C0FF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C13F5 second address: 11C13FF instructions: 0x00000000 rdtsc 0x00000002 jng 00007F065450A806h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C13FF second address: 11C140B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 js 00007F0654B82246h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C140B second address: 11C140F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C140F second address: 11C1415 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C1415 second address: 11C144D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b jmp 00007F065450A813h 0x00000010 jbe 00007F065450A806h 0x00000016 pop ebx 0x00000017 jmp 00007F065450A813h 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C144D second address: 11C1470 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0654B82254h 0x00000007 pushad 0x00000008 jc 00007F0654B82246h 0x0000000e pushad 0x0000000f popad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C20D3 second address: 11C20F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 jmp 00007F065450A80Ch 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push edi 0x00000016 pop edi 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C20F3 second address: 11C20F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C20F7 second address: 11C20FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C20FB second address: 11C2101 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C7DF2 second address: 11C7DF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C7DF6 second address: 11C7DFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C8283 second address: 11C8297 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F065450A806h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007F065450A806h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C857A second address: 11C857E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C857E second address: 11C85C8 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F065450A806h 0x00000008 jmp 00007F065450A80Dh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebx 0x00000010 jmp 00007F065450A816h 0x00000015 pop ebx 0x00000016 pop edi 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F065450A80Bh 0x0000001e jmp 00007F065450A80Dh 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C88A2 second address: 11C88A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C88A8 second address: 11C88B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C88B0 second address: 11C88C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F0654B82246h 0x0000000a pop edx 0x0000000b je 00007F0654B8224Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C8E96 second address: 11C8EAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F065450A806h 0x0000000a push esi 0x0000000b pop esi 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f pushad 0x00000010 jc 00007F065450A806h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C948A second address: 11C9492 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C9492 second address: 11C9497 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C9497 second address: 11C94A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F0654B82246h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C97B9 second address: 11C97BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C9AA7 second address: 11C9AB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C9AB2 second address: 11C9AB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CE2E1 second address: 11CE2F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F0654B82246h 0x0000000a jc 00007F0654B82246h 0x00000010 popad 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CE2F2 second address: 11CE331 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F065450A811h 0x00000007 ja 00007F065450A80Ch 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push edi 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pop edi 0x00000014 pushad 0x00000015 jg 00007F065450A806h 0x0000001b pushad 0x0000001c popad 0x0000001d pushad 0x0000001e popad 0x0000001f popad 0x00000020 jng 00007F065450A808h 0x00000026 pushad 0x00000027 popad 0x00000028 pushad 0x00000029 pushad 0x0000002a popad 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D150A second address: 11D1511 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D1511 second address: 11D1517 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D1517 second address: 11D151D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D88DF second address: 11D88E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D88E5 second address: 11D88EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D88EA second address: 11D8900 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F065450A812h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D8D6A second address: 11D8D85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 js 00007F0654B8225Ah 0x0000000b jmp 00007F0654B8224Eh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D8D85 second address: 11D8D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D8D8E second address: 11D8D96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D8D96 second address: 11D8DB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F065450A806h 0x0000000a popad 0x0000000b push esi 0x0000000c jmp 00007F065450A811h 0x00000011 pop esi 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D8DB7 second address: 11D8DBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D8F2A second address: 11D8F2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D8F2E second address: 11D8F34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D8F34 second address: 11D8F56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F065450A816h 0x0000000c jno 00007F065450A806h 0x00000012 jmp 00007F065450A80Ah 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D9242 second address: 11D9252 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F0654B82246h 0x0000000a ja 00007F0654B82246h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D9FA5 second address: 11D9FB8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F065450A80Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D8500 second address: 11D8507 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 112178A second address: 11217C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F065450A80Eh 0x0000000c jns 00007F065450A806h 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 jc 00007F065450A806h 0x0000001d pushad 0x0000001e popad 0x0000001f push edi 0x00000020 pop edi 0x00000021 jmp 00007F065450A817h 0x00000026 popad 0x00000027 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11217C3 second address: 11217D5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F0654B8224Dh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11EBF66 second address: 11EBF6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11EBF6A second address: 11EBF7A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnc 00007F0654B82246h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11EFF38 second address: 11EFF3D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 112D052 second address: 112D05A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 112D05A second address: 112D068 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jo 00007F065450A806h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FFD7A second address: 11FFDB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jng 00007F0654B82246h 0x0000000d jp 00007F0654B82246h 0x00000013 jnl 00007F0654B82246h 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c jl 00007F0654B82254h 0x00000022 jmp 00007F0654B8224Eh 0x00000027 pushad 0x00000028 je 00007F0654B82246h 0x0000002e jne 00007F0654B82246h 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FFDB9 second address: 11FFDDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F065450A816h 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FFDDB second address: 11FFE0A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F0654B82258h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F0654B82251h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FFE0A second address: 11FFE39 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F065450A810h 0x00000008 jmp 00007F065450A815h 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 push esi 0x00000013 pop esi 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12094AF second address: 12094B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12094B3 second address: 12094B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1207B76 second address: 1207B91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0654B82252h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1207B91 second address: 1207B95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1207B95 second address: 1207B99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1207B99 second address: 1207BE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F065450A832h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F065450A80Ah 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1207BE2 second address: 1207BFF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0654B8224Ch 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F0654B8224Bh 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1207D67 second address: 1207D6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1207ED5 second address: 1207EE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F0654B82246h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1207EE1 second address: 1207EEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1207EEC second address: 1207EF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1207EF0 second address: 1207F14 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F065450A815h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push edx 0x00000010 pop edx 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1208254 second address: 120826D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0654B82254h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 120826D second address: 120828D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jl 00007F065450A813h 0x00000013 jmp 00007F065450A80Dh 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12085A3 second address: 12085A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12085A7 second address: 12085C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F065450A806h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1208751 second address: 1208758 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1208758 second address: 1208774 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F065450A812h 0x00000007 push eax 0x00000008 push edx 0x00000009 jnp 00007F065450A806h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1209178 second address: 1209189 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0654B8224Ch 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1209189 second address: 1209191 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 120C23B second address: 120C243 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 120BF1F second address: 120BF25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 120BF25 second address: 120BF3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0654B82251h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 120BF3A second address: 120BF48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F065450A806h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1217BAA second address: 1217BAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1217BAE second address: 1217BCD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F065450A819h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1217BCD second address: 1217BD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F0654B82246h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 121E4E2 second address: 121E4E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 121E4E6 second address: 121E4F3 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0654B82246h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 121E4F3 second address: 121E510 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jnp 00007F065450A812h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 121E510 second address: 121E516 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 121E516 second address: 121E521 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push esi 0x00000006 push eax 0x00000007 pop eax 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop esi 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 121E521 second address: 121E527 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 121E527 second address: 121E548 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F065450A806h 0x00000008 jmp 00007F065450A813h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 121E31C second address: 121E370 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0654B82252h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f jmp 00007F0654B8224Eh 0x00000014 pop esi 0x00000015 pushad 0x00000016 ja 00007F0654B82246h 0x0000001c js 00007F0654B82246h 0x00000022 jmp 00007F0654B82255h 0x00000027 jbe 00007F0654B82246h 0x0000002d popad 0x0000002e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122BEF4 second address: 122BEF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122BD10 second address: 122BD30 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0654B82252h 0x0000000d jp 00007F0654B82246h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122BD30 second address: 122BD3C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122BD3C second address: 122BD42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122BD42 second address: 122BD46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122BD46 second address: 122BD4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122BD4A second address: 122BD60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F065450A80Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122BD60 second address: 122BD64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122DCB5 second address: 122DCBB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122D981 second address: 122D987 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122D987 second address: 122D9A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F065450A813h 0x00000007 pushad 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122D9A3 second address: 122D9E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jng 00007F0654B82261h 0x0000000e jmp 00007F0654B82253h 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122D9E3 second address: 122D9E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12461F2 second address: 1246204 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F0654B82246h 0x0000000a push eax 0x0000000b ja 00007F0654B82246h 0x00000011 pop eax 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1246204 second address: 1246225 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F065450A815h 0x00000008 push eax 0x00000009 push edx 0x0000000a jc 00007F065450A806h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1246225 second address: 1246229 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1246229 second address: 1246272 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F065450A813h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jns 00007F065450A82Ch 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1246272 second address: 1246281 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F0654B82246h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1245132 second address: 124513A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12452AC second address: 12452B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F0654B82246h 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12452B7 second address: 12452BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1245580 second address: 1245586 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1245586 second address: 12455C6 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F065450A806h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F065450A80Eh 0x00000012 jmp 00007F065450A818h 0x00000017 jmp 00007F065450A80Bh 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12455C6 second address: 12455D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jc 00007F0654B82246h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12455D8 second address: 1245602 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F065450A80Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F065450A814h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1245602 second address: 1245606 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1245A77 second address: 1245A90 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F065450A815h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1245A90 second address: 1245AAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F0654B82254h 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1245AAA second address: 1245AB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1245AB8 second address: 1245AD3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0654B82255h 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1245AD3 second address: 1245AD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1245AD9 second address: 1245ADD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1245C68 second address: 1245C7D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F065450A80Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1245DD6 second address: 1245DDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1245DDF second address: 1245DE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1245DE3 second address: 1245DF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F0654B82246h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1245F5B second address: 1245F61 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1245F61 second address: 1245F6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007F0654B82248h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1248F3C second address: 1248F40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1248F40 second address: 1248F44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124A459 second address: 124A461 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124BE80 second address: 124BEA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jbe 00007F0654B8224Ch 0x0000000b jmp 00007F0654B82251h 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124BEA5 second address: 124BEC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e pop eax 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007F065450A80Eh 0x00000016 popad 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124B9F7 second address: 124B9FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124B9FF second address: 124BA1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F065450A806h 0x0000000a popad 0x0000000b jmp 00007F065450A80Dh 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124BA1B second address: 124BA1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124BA1F second address: 124BA2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124BA2E second address: 124BA46 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F0654B82250h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 124BA46 second address: 124BA50 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F065450A812h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52B0DDC second address: 52B0DE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52B0DE2 second address: 52B0DE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Tries to evade debugger and weak emulator (self modifying code)
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 115D0ED instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 115B78E instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 11645E2 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 11E15CF instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 5492Thread sleep time: -30000s >= -30000sJump to behavior
    Source: file.exe, file.exe, 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: file.exe, 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: file.exe, 00000000.00000002.2156945388.000000000136E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
    Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Hides threads from debuggers
    Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
    Tries to detect sandboxes and other dynamic analysis tools (window names)
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA5BB0 LdrInitializeThunk,0_2_00FA5BB0

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: file.exeString found in binary or memory: licendfilteo.site
    Source: file.exeString found in binary or memory: clearancek.site
    Source: file.exeString found in binary or memory: bathdoomgaz.store
    Source: file.exeString found in binary or memory: spirittunek.store
    Source: file.exeString found in binary or memory: dissapoiznw.store
    Source: file.exeString found in binary or memory: studennotediw.store
    Source: file.exeString found in binary or memory: mobbipenju.store
    Source: file.exeString found in binary or memory: eaglepawnoy.store
    Source: file.exe, 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: BProgram Manager
    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
    PowerShell    		1
    DLL Side-Loading    		1
    Process Injection    		24
    Virtualization/Sandbox Evasion    		OS Credential Dumping631
    Security Software Discovery    		Remote Services1
    Archive Collected Data    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
    DLL Side-Loading    		1
    Process Injection    		LSASS Memory24
    Virtualization/Sandbox Evasion    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information    		Security Account Manager2
    Process Discovery    		SMB/Windows Admin SharesData from Network Shared Drive2
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
    Obfuscated Files or Information    		NTDS23
    System Information Discovery    		Distributed Component Object ModelInput Capture113
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
    Software Packing    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    file.exe100%AviraTR/Crypt.TPM.Gen
    file.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    https://player.vimeo.com0%URL Reputationsafe
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://steam.tv/0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://lv.queniujq.cn0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620160%URL Reputationsafe
    https://checkout.steampowered.com/0%URL Reputationsafe
    https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://store.steampowered.com/;0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://recaptcha.net/recaptcha/;0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://medal.tv0%URL Reputationsafe
    https://broadcast.st.dl.eccdnx.com0%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://login.steampowered.com/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe
    https://recaptcha.net0%URL Reputationsafe
    https://store.steampowered.com/0%URL Reputationsafe

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truetrue
      		unknown
      eaglepawnoy.store
      		unknown
      		unknowntrue
        		unknown
        bathdoomgaz.store
        		unknown
        		unknowntrue
          		unknown
          spirittunek.store
          		unknown
          		unknowntrue
            		unknown
            licendfilteo.site
            		unknown
            		unknowntrue
              		unknown
              studennotediw.store
              		unknown
              		unknowntrue
                		unknown
                mobbipenju.store
                		unknown
                		unknowntrue
                  		unknown
                  sergei-esenin.com
                  		unknown
                  		unknownfalse
                    		unknown
                    clearancek.site
                    		unknown
                    		unknowntrue
                      		unknown
                      dissapoiznw.store
                      		unknown
                      		unknowntrue
                        		unknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        studennotediw.storetrue
                          		unknown
                          dissapoiznw.storetrue
                            		unknown
                            https://steamcommunity.com/profiles/76561199724331900true
                              		unknown
                              eaglepawnoy.storetrue
                                		unknown
                                bathdoomgaz.storetrue
                                  		unknown
                                  clearancek.sitetrue
                                    		unknown
                                    spirittunek.storetrue
                                      		unknown
                                      licendfilteo.sitetrue
                                        		unknown

                                        URLs from Memory and Binaries

                                        NameSourceMaliciousAntivirus DetectionReputation
                                        https://player.vimeo.comfile.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://steamcommunity.com/?subsection=broadcastsfile.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcVfile.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://sergei-esenin.com/file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2156945388.00000000013AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://www.gstatic.cn/recaptcha/file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=UuGFpt56D9L4&amp;l=file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englifile.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=GfA42_x2_aub&amp;file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEfile.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4Bfile.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157162034.0000000001429000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        http://www.valvesoftware.com/legal.htmfile.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://www.youtube.comfile.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://www.google.comfile.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://steambroadcast-test.akamafile.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackfile.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://eaglepawnoy.store/file.exe, 00000000.00000003.2137273878.00000000013C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                https://dissapoiznw.store/apih8file.exe, 00000000.00000003.2138282831.00000000013C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://steam.tv/file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BXfile.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155653537.00000000013C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&amp;file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      http://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2156945388.00000000013C0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157162034.0000000001429000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://store.steampowered.com/points/shop/file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=bZKSp7oNwVPKfile.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157162034.0000000001429000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&ampfile.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1&amp;file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157162034.0000000001429000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              https://sketchfab.comfile.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                https://dissapoiznw.store/apifile.exe, 00000000.00000003.2138282831.00000000013C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://lv.queniujq.cnfile.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://steamcommunity.com/profiles/76561199724331900/inventory/file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001431000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155653537.00000000013C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    https://clearancek.site/file.exe, 00000000.00000003.2136180255.00000000013C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      https://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=qYlgdgWOD4Ng&ampfile.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngfile.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          https://sergei-esenin.com/rfile.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://www.google.com/recaptcha/file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              https://checkout.steampowered.com/file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28bfile.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155653537.00000000013C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                		unknown
                                                                                                https://dissapoiznw.store/file.exe, 00000000.00000003.2138282831.00000000013C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		unknown
                                                                                                  https://store.steampowered.com/;file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  		unknown
                                                                                                  https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=KkhJqW2NGKiM&amp;l=englifile.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		unknown
                                                                                                    https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		unknown
                                                                                                      https://store.steampowered.com/about/file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://community.cloudflare.steamstatic.com/file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		unknown
                                                                                                          https://eaglepawnoy.store/g?file.exe, 00000000.00000003.2137273878.00000000013C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		unknown
                                                                                                            https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dfile.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		unknown
                                                                                                              https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		unknown
                                                                                                                https://steamcommunity.com/profiles/76561199724331900/file.exe, 00000000.00000002.2156945388.00000000013C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155653537.00000000013C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		unknown
                                                                                                                  https://help.steampowered.com/en/file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  https://steamcommunity.com/market/file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		unknown
                                                                                                                    https://store.steampowered.com/news/file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    https://eaglepawnoy.store/W?file.exe, 00000000.00000003.2137273878.00000000013C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		unknown
                                                                                                                      http://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2156945388.00000000013C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157162034.0000000001429000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155653537.00000000013C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		unknown
                                                                                                                        https://dissapoiznw.store/O?1file.exe, 00000000.00000003.2138282831.00000000013C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2156945388.00000000013C0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		unknown
                                                                                                                            https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuXfile.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155653537.00000000013C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		unknown
                                                                                                                              https://dissapoiznw.store/W?file.exe, 00000000.00000003.2138282831.00000000013C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		unknown
                                                                                                                                https://recaptcha.net/recaptcha/;file.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                		unknown
                                                                                                                                https://eaglepawnoy.store/_?file.exe, 00000000.00000003.2138282831.00000000013C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137273878.00000000013C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		unknown
                                                                                                                                  https://steamcommunity.com/discussions/file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		unknown
                                                                                                                                    https://sergei-esenin.com/apiAfile.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		unknown
                                                                                                                                      https://store.steampowered.com/stats/file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      		unknown
                                                                                                                                      https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&amp;l=englisfile.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		unknown
                                                                                                                                        https://medal.tvfile.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        		unknown
                                                                                                                                        https://broadcast.st.dl.eccdnx.comfile.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        		unknown
                                                                                                                                        https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&ampfile.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		unknown
                                                                                                                                          https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          		unknown
                                                                                                                                          https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.giffile.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155653537.00000000013C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		unknown
                                                                                                                                            https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?vfile.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		unknown
                                                                                                                                              https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pfile.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		unknown
                                                                                                                                                https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		unknown
                                                                                                                                                  https://sergei-esenin.com/api2file.exe, 00000000.00000003.2155759399.00000000013E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		unknown
                                                                                                                                                    https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      		unknown
                                                                                                                                                      https://steamcommunity.com/workshop/file.exe, 00000000.00000003.2155172963.000000000142A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        		unknown
                                                                                                                                                        https://login.steampowered.com/file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        		unknown
                                                                                                                                                        https://store.steampowered.com/legal/file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2156945388.00000000013C0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        		unknown
                                                                                                                                                        https://mobbipenju.store/file.exe, 00000000.00000003.2138282831.00000000013C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2136180255.00000000013C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2137273878.00000000013C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		unknown
                                                                                                                                                          https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&amp;l=englfile.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157162034.0000000001429000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		unknown
                                                                                                                                                            https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&amp;l=file.exe, 00000000.00000002.2157162034.0000000001429000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              		unknown
                                                                                                                                                              https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonafile.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                		unknown
                                                                                                                                                                https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=gNE3gksLVEVa&amp;l=enfile.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157162034.0000000001429000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  		unknown
                                                                                                                                                                  https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&amp;l=english&amfile.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157162034.0000000001429000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    		unknown
                                                                                                                                                                    https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&amp;l=englifile.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      		unknown
                                                                                                                                                                      https://recaptcha.netfile.exe, 00000000.00000003.2155759399.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157082954.00000000013DD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                                      		unknown
                                                                                                                                                                      https://store.steampowered.com/file.exe, 00000000.00000002.2157082954.00000000013E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                                      		unknown
                                                                                                                                                                      https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&amp;file.exe, 00000000.00000003.2155585774.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.0000000001420000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155210036.000000000141A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157162034.0000000001429000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        		unknown

                                                                                                                                                                        World Map of Contacted IPs

                                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                                        • 75% < No. of IPs

                                                                                                                                                                        Public IPs

                                                                                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                        104.102.49.254
                                                                                                                                                                        		steamcommunity.comUnited States
                                                                                                                                                                        		16625AKAMAI-ASUStrue

                                                                                                                                                                        General Information

                                                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                        Analysis ID:1541927
                                                                                                                                                                        Start date and time:2024-10-25 10:26:07 +02:00
                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                        Overall analysis duration:0h 2m 52s
                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                        Report type:full
                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                        Number of analysed new started processes analysed:2
                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                        Technologies:
                                                                                                                                                                        • HCA enabled
                                                                                                                                                                        • EGA enabled
                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                        Sample name:file.exe
                                                                                                                                                                        Detection:MAL
                                                                                                                                                                        Classification:mal100.troj.evad.winEXE@1/0@10/1
                                                                                                                                                                        EGA Information:
                                                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                                                        HCA Information:Failed
                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                        • Stop behavior analysis, all processes terminated

                                                                                                                                                                        Warnings

                                                                                                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe
                                                                                                                                                                        • Excluded domains from analysis (whitelisted): client.wns.windows.com, otelrules.azureedge.net
                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                        • VT rate limit hit for: file.exe

                                                                                                                                                                        Simulations

                                                                                                                                                                        Behavior and APIs

                                                                                                                                                                        TimeTypeDescription
                                                                                                                                                                        04:27:03API Interceptor1x Sleep call for process: file.exe modified

                                                                                                                                                                        Joe Sandbox View / Context

                                                                                                                                                                        IPs

                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                        104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                        • www.valvesoftware.com/legal.htm

                                                                                                                                                                        Domains

                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                        steamcommunity.comfile.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        • 104.102.49.254

                                                                                                                                                                        ASNs

                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                        AKAMAI-ASUSK3Kvd8JYGV.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                        • 104.118.46.106
                                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                        8DKuAcmAMT.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                        • 23.45.0.112
                                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                        la.bot.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                        • 23.0.254.211
                                                                                                                                                                        CalendlyAppGet hashmaliciousUnknownBrowse
                                                                                                                                                                        • 23.46.224.247
                                                                                                                                                                        CalendlyAppGet hashmaliciousUnknownBrowse
                                                                                                                                                                        • 23.46.224.247
                                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        • 104.102.49.254

                                                                                                                                                                        JA3 Fingerprints

                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                        a0e9f5d64349fb13191bc781f81f42e1https://dl.dropboxusercontent.com/scl/fi/kzw07ghqs05mfyhu8o3ey/BestellungVRG020002.zip?rlkey=27cmmjv86s5ygdnss2oa80i1o&st=86cnbbyp&dl=0Get hashmaliciousUnknownBrowse
                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                        Credit_Details2251397102400024.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                        Pro_Inv_24102024_payment_confirmations_SWIFTFiles.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        • 104.102.49.254

                                                                                                                                                                        Dropped Files

                                                                                                                                                                        No context

                                                                                                                                                                        Created / dropped Files

                                                                                                                                                                        No created / dropped files found

                                                                                                                                                                        Static File Info

                                                                                                                                                                        General

                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Entropy (8bit):6.580664901965299
                                                                                                                                                                        TrID:
                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                        File name:file.exe
                                                                                                                                                                        File size:2'884'096 bytes
                                                                                                                                                                        MD5:7711aa717f53e25ed39efd67f8181428
                                                                                                                                                                        SHA1:cb198100d357ed8ad8d4875ff8910a7133883be4
                                                                                                                                                                        SHA256:8c1c7ea4f6655487686342d67f7393aa572881283616134ff39bab5a470fca47
                                                                                                                                                                        SHA512:09fec32ebc3152476e01d3b76c5d26bc58ccbade516fc957840a2fc1cc0e8f4518bf8bd19210b89a9a4e8ac6586ecae3da6c58453ee6d0deaddab78168b78372
                                                                                                                                                                        SSDEEP:49152:lw0O5L+C2xU7SXSLkmb1DF0BNo/Xzm33O0Fk39lG:lw0O5L+FK7SXSJUoPzgOLa
                                                                                                                                                                        TLSH:0BD55B92F44A71CBD48E36358537CE829C9D03BE571159C7A86CA4BEBE63CC121BED24
                                                                                                                                                                        File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f............................../...........@.........................../.......,...@.................................W...k..

                                                                                                                                                                        File Icon

                                                                                                                                                                        Icon Hash:00928e8e8686b000

                                                                                                                                                                        Static PE Info

                                                                                                                                                                        General

                                                                                                                                                                        Entrypoint:0x6f8000
                                                                                                                                                                        Entrypoint Section:.taggant
                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                        Time Stamp:0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                        OS Version Major:6
                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                        File Version Major:6
                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                        Subsystem Version Major:6
                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                        Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                                                                                                                        Entrypoint Preview

                                                                                                                                                                        Instruction
                                                                                                                                                                        jmp 00007F06553FF53Ah
                                                                                                                                                                        pavgb mm5, qword ptr [ebx]
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add cl, ch
                                                                                                                                                                        add byte ptr [eax], ah
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [edx], ah
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [ecx], bl
                                                                                                                                                                        add byte ptr [eax], 00000000h
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        adc byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        mov dword ptr [0000000Ah], eax
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                        add byte ptr [eax], al

                                                                                                                                                                        Data Directories

                                                                                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x5f0570x6b.idata
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x5f1f80x8.idata
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                        Sections

                                                                                                                                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                        0x10000x5d0000x25e009de57b4183238b4a3193ffd7316600e6False0.9993489583333334data7.973968269527451IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                        .rsrc 0x5e0000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                        .idata 0x5f0000x10000x200fe72def8b74193a84232a780098a7ce0False0.150390625data1.04205214219471IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                        fwrqiggf0x600000x2970000x296a001064aeca27eff19689cc366b2602e26cunknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                        fcahcrnz0x2f70000x10000x60000aa08702575da14e6978fe61c2c0189False0.5598958333333334data4.979712355240875IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                        .taggant0x2f80000x30000x220052bbfc9d88c48f2d14a535dac9428bdbFalse0.06824448529411764DOS executable (COM)0.6889751984753119IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                                                                        Imports

                                                                                                                                                                        DLLImport
                                                                                                                                                                        kernel32.dlllstrcpy

                                                                                                                                                                        Network Behavior

                                                                                                                                                                        Suricata IDS Alerts

                                                                                                                                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                        2024-10-25T10:27:02.425727+02002056471ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)1192.168.2.6494601.1.1.153UDP
                                                                                                                                                                        2024-10-25T10:27:02.443939+02002056485ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)1192.168.2.6513861.1.1.153UDP
                                                                                                                                                                        2024-10-25T10:27:02.484690+02002056483ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)1192.168.2.6539931.1.1.153UDP
                                                                                                                                                                        2024-10-25T10:27:02.656424+02002056481ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)1192.168.2.6513571.1.1.153UDP
                                                                                                                                                                        2024-10-25T10:27:02.724984+02002056479ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)1192.168.2.6590711.1.1.153UDP
                                                                                                                                                                        2024-10-25T10:27:02.738048+02002056477ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)1192.168.2.6645761.1.1.153UDP
                                                                                                                                                                        2024-10-25T10:27:02.749805+02002056475ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)1192.168.2.6551101.1.1.153UDP
                                                                                                                                                                        2024-10-25T10:27:02.762256+02002056473ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)1192.168.2.6499231.1.1.153UDP
                                                                                                                                                                        2024-10-25T10:27:04.329239+02002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.649709104.102.49.254443TCP

                                                                                                                                                                        Network Port Distribution

                                                                                                                                                                        TCP Packets

                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                        Oct 25, 2024 10:27:02.792306900 CEST49709443192.168.2.6104.102.49.254
                                                                                                                                                                        Oct 25, 2024 10:27:02.792350054 CEST44349709104.102.49.254192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:02.792428017 CEST49709443192.168.2.6104.102.49.254
                                                                                                                                                                        Oct 25, 2024 10:27:02.796432018 CEST49709443192.168.2.6104.102.49.254
                                                                                                                                                                        Oct 25, 2024 10:27:02.796451092 CEST44349709104.102.49.254192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:03.647836924 CEST44349709104.102.49.254192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:03.647913933 CEST49709443192.168.2.6104.102.49.254
                                                                                                                                                                        Oct 25, 2024 10:27:03.651165009 CEST49709443192.168.2.6104.102.49.254
                                                                                                                                                                        Oct 25, 2024 10:27:03.651179075 CEST44349709104.102.49.254192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:03.651505947 CEST44349709104.102.49.254192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:03.702974081 CEST49709443192.168.2.6104.102.49.254
                                                                                                                                                                        Oct 25, 2024 10:27:03.747323990 CEST44349709104.102.49.254192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:04.329308033 CEST44349709104.102.49.254192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:04.329375982 CEST44349709104.102.49.254192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:04.329417944 CEST44349709104.102.49.254192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:04.329463005 CEST49709443192.168.2.6104.102.49.254
                                                                                                                                                                        Oct 25, 2024 10:27:04.329473972 CEST44349709104.102.49.254192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:04.329498053 CEST44349709104.102.49.254192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:04.329530001 CEST44349709104.102.49.254192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:04.329540968 CEST49709443192.168.2.6104.102.49.254
                                                                                                                                                                        Oct 25, 2024 10:27:04.329577923 CEST49709443192.168.2.6104.102.49.254
                                                                                                                                                                        Oct 25, 2024 10:27:04.329601049 CEST49709443192.168.2.6104.102.49.254
                                                                                                                                                                        Oct 25, 2024 10:27:04.344136953 CEST44349709104.102.49.254192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:04.344254017 CEST44349709104.102.49.254192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:04.344393015 CEST49709443192.168.2.6104.102.49.254
                                                                                                                                                                        Oct 25, 2024 10:27:04.344393015 CEST49709443192.168.2.6104.102.49.254
                                                                                                                                                                        Oct 25, 2024 10:27:04.344424009 CEST44349709104.102.49.254192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:04.344474077 CEST49709443192.168.2.6104.102.49.254
                                                                                                                                                                        Oct 25, 2024 10:27:04.357527971 CEST44349709104.102.49.254192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:04.357734919 CEST49709443192.168.2.6104.102.49.254
                                                                                                                                                                        Oct 25, 2024 10:27:04.357764959 CEST44349709104.102.49.254192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:04.357795954 CEST44349709104.102.49.254192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:04.357980967 CEST49709443192.168.2.6104.102.49.254
                                                                                                                                                                        Oct 25, 2024 10:27:04.357980967 CEST49709443192.168.2.6104.102.49.254
                                                                                                                                                                        Oct 25, 2024 10:27:04.358828068 CEST49709443192.168.2.6104.102.49.254
                                                                                                                                                                        Oct 25, 2024 10:27:04.358851910 CEST44349709104.102.49.254192.168.2.6

                                                                                                                                                                        UDP Packets

                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                        Oct 25, 2024 10:27:02.425726891 CEST4946053192.168.2.61.1.1.1
                                                                                                                                                                        Oct 25, 2024 10:27:02.441802025 CEST53494601.1.1.1192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:02.443938971 CEST5138653192.168.2.61.1.1.1
                                                                                                                                                                        Oct 25, 2024 10:27:02.453282118 CEST53513861.1.1.1192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:02.484689951 CEST5399353192.168.2.61.1.1.1
                                                                                                                                                                        Oct 25, 2024 10:27:02.494431973 CEST53539931.1.1.1192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:02.656424046 CEST5135753192.168.2.61.1.1.1
                                                                                                                                                                        Oct 25, 2024 10:27:02.666621923 CEST53513571.1.1.1192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:02.724983931 CEST5907153192.168.2.61.1.1.1
                                                                                                                                                                        Oct 25, 2024 10:27:02.735377073 CEST53590711.1.1.1192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:02.738048077 CEST6457653192.168.2.61.1.1.1
                                                                                                                                                                        Oct 25, 2024 10:27:02.748121023 CEST53645761.1.1.1192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:02.749804974 CEST5511053192.168.2.61.1.1.1
                                                                                                                                                                        Oct 25, 2024 10:27:02.760514975 CEST53551101.1.1.1192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:02.762255907 CEST4992353192.168.2.61.1.1.1
                                                                                                                                                                        Oct 25, 2024 10:27:02.773775101 CEST53499231.1.1.1192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:02.775895119 CEST6347553192.168.2.61.1.1.1
                                                                                                                                                                        Oct 25, 2024 10:27:02.784049034 CEST53634751.1.1.1192.168.2.6
                                                                                                                                                                        Oct 25, 2024 10:27:04.370014906 CEST5864253192.168.2.61.1.1.1
                                                                                                                                                                        Oct 25, 2024 10:27:04.402272940 CEST53586421.1.1.1192.168.2.6

                                                                                                                                                                        DNS Queries

                                                                                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                        Oct 25, 2024 10:27:02.425726891 CEST192.168.2.61.1.1.10x2db4Standard query (0)clearancek.siteA (IP address)IN (0x0001)false
                                                                                                                                                                        Oct 25, 2024 10:27:02.443938971 CEST192.168.2.61.1.1.10xd6abStandard query (0)mobbipenju.storeA (IP address)IN (0x0001)false
                                                                                                                                                                        Oct 25, 2024 10:27:02.484689951 CEST192.168.2.61.1.1.10xd5b6Standard query (0)eaglepawnoy.storeA (IP address)IN (0x0001)false
                                                                                                                                                                        Oct 25, 2024 10:27:02.656424046 CEST192.168.2.61.1.1.10xe322Standard query (0)dissapoiznw.storeA (IP address)IN (0x0001)false
                                                                                                                                                                        Oct 25, 2024 10:27:02.724983931 CEST192.168.2.61.1.1.10xcaf3Standard query (0)studennotediw.storeA (IP address)IN (0x0001)false
                                                                                                                                                                        Oct 25, 2024 10:27:02.738048077 CEST192.168.2.61.1.1.10x9819Standard query (0)bathdoomgaz.storeA (IP address)IN (0x0001)false
                                                                                                                                                                        Oct 25, 2024 10:27:02.749804974 CEST192.168.2.61.1.1.10x9f56Standard query (0)spirittunek.storeA (IP address)IN (0x0001)false
                                                                                                                                                                        Oct 25, 2024 10:27:02.762255907 CEST192.168.2.61.1.1.10x845aStandard query (0)licendfilteo.siteA (IP address)IN (0x0001)false
                                                                                                                                                                        Oct 25, 2024 10:27:02.775895119 CEST192.168.2.61.1.1.10xe9c8Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                                                                        Oct 25, 2024 10:27:04.370014906 CEST192.168.2.61.1.1.10x2a3bStandard query (0)sergei-esenin.comA (IP address)IN (0x0001)false

                                                                                                                                                                        DNS Answers

                                                                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                        Oct 25, 2024 10:27:02.441802025 CEST1.1.1.1192.168.2.60x2db4Name error (3)clearancek.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                        Oct 25, 2024 10:27:02.453282118 CEST1.1.1.1192.168.2.60xd6abName error (3)mobbipenju.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                        Oct 25, 2024 10:27:02.494431973 CEST1.1.1.1192.168.2.60xd5b6Name error (3)eaglepawnoy.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                        Oct 25, 2024 10:27:02.666621923 CEST1.1.1.1192.168.2.60xe322Name error (3)dissapoiznw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                        Oct 25, 2024 10:27:02.735377073 CEST1.1.1.1192.168.2.60xcaf3Name error (3)studennotediw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                        Oct 25, 2024 10:27:02.748121023 CEST1.1.1.1192.168.2.60x9819Name error (3)bathdoomgaz.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                        Oct 25, 2024 10:27:02.760514975 CEST1.1.1.1192.168.2.60x9f56Name error (3)spirittunek.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                        Oct 25, 2024 10:27:02.773775101 CEST1.1.1.1192.168.2.60x845aName error (3)licendfilteo.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                        Oct 25, 2024 10:27:02.784049034 CEST1.1.1.1192.168.2.60xe9c8No error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false
                                                                                                                                                                        Oct 25, 2024 10:27:04.402272940 CEST1.1.1.1192.168.2.60x2a3bName error (3)sergei-esenin.comnonenoneA (IP address)IN (0x0001)false

                                                                                                                                                                        HTTP Request Dependency Graph

                                                                                                                                                                        • steamcommunity.com

                                                                                                                                                                        HTTPS Proxied Packets

                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                        0192.168.2.649709104.102.49.2544432872C:\Users\user\Desktop\file.exe
                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                        2024-10-25 08:27:03 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                        Host: steamcommunity.com
                                                                                                                                                                        2024-10-25 08:27:04 UTC1917INHTTP/1.1 200 OK
                                                                                                                                                                        Server: nginx
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                                                                        Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                        Date: Fri, 25 Oct 2024 08:27:04 GMT
                                                                                                                                                                        Content-Length: 35741
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Set-Cookie: sessionid=07be7ca99e164af512ed77a1; Path=/; Secure; SameSite=None
                                                                                                                                                                        Set-Cookie: steamCountry=US%7C42cb6563c5fec8103907e3e99aebe27b; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                                        2024-10-25 08:27:04 UTC14467INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                                                                        Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                                                                        2024-10-25 08:27:04 UTC16384INData Raw: 09 09 3c 61 20 63 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 69 74 65 6d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 64 69 73 63 75 73 73 69 6f 6e 73 2f 22 3e 0d 0a 09 09 09 09 09 09 44 69 73 63 75 73 73 69 6f 6e 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 69 74 65 6d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 77 6f 72 6b 73 68 6f 70 2f 22 3e 0d 0a 09 09 09 09 09 09 57 6f 72 6b 73 68 6f 70 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 69 74
                                                                                                                                                                        Data Ascii: <a class="submenuitem" href="https://steamcommunity.com/discussions/">Discussions</a><a class="submenuitem" href="https://steamcommunity.com/workshop/">Workshop</a><a class="submenuit
                                                                                                                                                                        2024-10-25 08:27:04 UTC3768INData Raw: 63 31 63 64 66 65 62 5f 66 75 6c 6c 2e 6a 70 67 22 3e 0d 0a 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 0d 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 62 61 64 67 65 69 6e 66 6f 22 3e 0d 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 62 61 64 67 65 69 6e 66 6f 5f 62 61 64 67 65 5f 61 72 65 61 22 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 70 65
                                                                                                                                                                        Data Ascii: c1cdfeb_full.jpg"></div></div><div class="profile_header_badgeinfo"><div class="profile_header_badgeinfo_badge_area"><a data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="pe
                                                                                                                                                                        2024-10-25 08:27:04 UTC1122INData Raw: 70 72 6f 70 65 72 74 79 20 6f 66 20 74 68 65 69 72 20 72 65 73 70 65 63 74 69 76 65 20 6f 77 6e 65 72 73 20 69 6e 20 74 68 65 20 55 53 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 75 6e 74 72 69 65 73 2e 3c 62 72 2f 3e 53 6f 6d 65 20 67 65 6f 73 70 61 74 69 61 6c 20 64 61 74 61 20 6f 6e 20 74 68 69 73 20 77 65 62 73 69 74 65 20 69 73 20 70 72 6f 76 69 64 65 64 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 6c 69 6e 6b 66 69 6c 74 65 72 2f 3f 75 3d 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 20 6e 6f 6f 70 65 6e 65 72 22 3e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 3c 2f 61 3e 2e 09 09
                                                                                                                                                                        Data Ascii: property of their respective owners in the US and other countries.<br/>Some geospatial data on this website is provided by <a href="https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.


                                                                                                                                                                        Statistics

                                                                                                                                                                        CPU Usage

                                                                                                                                                                        Click to jump to process

                                                                                                                                                                        Memory Usage

                                                                                                                                                                        Click to jump to process

                                                                                                                                                                        High Level Behavior Distribution

                                                                                                                                                                        Click to dive into process behavior distribution

                                                                                                                                                                        System Behavior

                                                                                                                                                                        General

                                                                                                                                                                        Target ID:0
                                                                                                                                                                        Start time:04:27:00
                                                                                                                                                                        Start date:25/10/2024
                                                                                                                                                                        Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                                        Imagebase:0xf60000
                                                                                                                                                                        File size:2'884'096 bytes
                                                                                                                                                                        MD5 hash:7711AA717F53E25ED39EFD67F8181428
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:low
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Disassembly

                                                                                                                                                                        Reset < >

                                                                                                                                                                          Execution Graph

                                                                                                                                                                          Execution Coverage:1%
                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                          Signature Coverage:62.7%
                                                                                                                                                                          Total number of Nodes:51
                                                                                                                                                                          Total number of Limit Nodes:6
                                                                                                                                                                          execution_graph 21153 fa50fa 21154 fa514c 21153->21154 21155 fa5176 LoadLibraryExW 21153->21155 21154->21155 21156 fa518c 21155->21156 21162 fa64b8 21164 fa63f2 21162->21164 21163 fa646e 21164->21163 21166 fa5bb0 LdrInitializeThunk 21164->21166 21166->21163 21167 f6d110 21168 f6d119 21167->21168 21169 f6d2ee ExitProcess 21168->21169 21170 fa673d 21172 fa66aa 21170->21172 21171 fa6793 21172->21171 21175 fa5bb0 LdrInitializeThunk 21172->21175 21174 fa67b3 21175->21174 21176 fa60d2 21178 fa60fa 21176->21178 21177 fa614e 21181 fa5bb0 LdrInitializeThunk 21177->21181 21178->21177 21182 fa5bb0 LdrInitializeThunk 21178->21182 21181->21177 21182->21177 21196 f7049b 21200 f70227 21196->21200 21197 f70455 21199 fa5700 2 API calls 21197->21199 21201 f70308 21199->21201 21200->21197 21200->21201 21202 fa5700 21200->21202 21203 fa571b 21202->21203 21204 fa5797 21202->21204 21206 fa578c 21202->21206 21208 fa5729 21202->21208 21203->21204 21203->21206 21203->21208 21209 fa3220 21204->21209 21206->21197 21207 fa5776 RtlReAllocateHeap 21207->21206 21208->21207 21210 fa32ac 21209->21210 21211 fa32a2 RtlFreeHeap 21209->21211 21212 fa3236 21209->21212 21210->21206 21211->21210 21212->21211 21213 fa626a 21215 fa628d 21213->21215 21214 fa62de 21217 fa636e 21214->21217 21219 fa5bb0 LdrInitializeThunk 21214->21219 21215->21214 21220 fa5bb0 LdrInitializeThunk 21215->21220 21219->21217 21220->21214 21221 f9d9cb 21223 f9d9fb 21221->21223 21222 f9da65 21223->21222 21225 fa5bb0 LdrInitializeThunk 21223->21225 21225->21223 21226 f6fca0 21229 f6fcdc 21226->21229 21227 f6ffe4 21228 fa3220 RtlFreeHeap 21228->21227 21229->21227 21229->21228 21230 fa3202 RtlAllocateHeap

                                                                                                                                                                          Executed Functions

                                                                                                                                                                          Function 00FA50FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63libraryCOMMON
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 25 fa50fa-fa514a 26 fa514c-fa514f 25->26 27 fa5176-fa5186 LoadLibraryExW 25->27 28 fa5150-fa5174 call fa5a50 26->28 29 fa52d8-fa5304 27->29 30 fa518c-fa51b5 27->30 28->27 30->29
                                                                                                                                                                          APIs
                                                                                                                                                                          • LoadLibraryExW.KERNEL32(19A41BB1,00000000,00000800), ref: 00FA5182
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                          • String ID: <I$)$<I$)$@^
                                                                                                                                                                          • API String ID: 1029625771-935358343
                                                                                                                                                                          • Opcode ID: 572ba28356ab60f0ccedfee2b7848cad8455f97295ac66a99b9ae231731e1bf6
                                                                                                                                                                          • Instruction ID: 7b181f019384facbd251640d7c9f03051cc16ce91a227c6d34f3a2fddec8e787
                                                                                                                                                                          • Opcode Fuzzy Hash: 572ba28356ab60f0ccedfee2b7848cad8455f97295ac66a99b9ae231731e1bf6
                                                                                                                                                                          • Instruction Fuzzy Hash: 38219D756483888FC300DF68D8C0B2AB7E4AB6A300F69492CE1C5D7362D636D9158F56
                                                                                                                                                                          Function 00F6FCA0 Relevance: 5.4, Strings: 4, Instructions: 373COMMON
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 33 f6fca0-f6fcda 34 f6fcdc-f6fcdf 33->34 35 f6fd0b-f6fe22 33->35 36 f6fce0-f6fd09 call f72690 34->36 37 f6fe24 35->37 38 f6fe5b-f6fe8c 35->38 36->35 40 f6fe30-f6fe59 call f72760 37->40 41 f6feb6-f6fec5 call f70b50 38->41 42 f6fe8e-f6fe8f 38->42 40->38 47 f6feca-f6fecf 41->47 46 f6fe90-f6feb4 call f72700 42->46 46->41 51 f6ffe4-f6ffe6 47->51 52 f6fed5-f6fef8 47->52 55 f701b1-f701bb 51->55 53 f6fefa 52->53 54 f6ff2b-f6ff2d 52->54 56 f6ff00-f6ff29 call f727e0 53->56 57 f6ff30-f6ff3a 54->57 56->54 59 f6ff41-f6ff49 57->59 60 f6ff3c-f6ff3f 57->60 62 f701a2-f701ad call fa3220 59->62 63 f6ff4f-f6ff76 59->63 60->57 60->59 62->55 65 f6ffab-f6ffb5 63->65 66 f6ff78 63->66 67 f6ffb7-f6ffbb 65->67 68 f6ffeb 65->68 70 f6ff80-f6ffa9 call f72840 66->70 72 f6ffc7-f6ffcb 67->72 73 f6ffed-f6ffef 68->73 70->65 75 f6ffd1-f6ffd8 72->75 76 f7019a 72->76 73->76 77 f6fff5-f7002c 73->77 78 f6ffde 75->78 79 f6ffda-f6ffdc 75->79 76->62 80 f7002e-f7002f 77->80 81 f7005b-f70065 77->81 84 f6ffc0-f6ffc5 78->84 85 f6ffe0-f6ffe2 78->85 79->78 86 f70030-f70059 call f728a0 80->86 82 f70067-f7006f 81->82 83 f700a4 81->83 88 f70087-f7008b 82->88 89 f700a6-f700a8 83->89 84->72 84->73 85->84 86->81 88->76 91 f70091-f70098 88->91 89->76 92 f700ae-f700c5 89->92 93 f7009e 91->93 94 f7009a-f7009c 91->94 95 f700c7 92->95 96 f700fb-f70102 92->96 99 f70080-f70085 93->99 100 f700a0-f700a2 93->100 94->93 101 f700d0-f700f9 call f72900 95->101 97 f70104-f7010d 96->97 98 f70130-f7013c 96->98 102 f70117-f7011b 97->102 103 f701c2-f701c7 98->103 99->88 99->89 100->99 101->96 102->76 106 f7011d-f70124 102->106 103->62 107 f70126-f70128 106->107 108 f7012a 106->108 107->108 109 f70110-f70115 108->109 110 f7012c-f7012e 108->110 109->102 111 f70141-f70143 109->111 110->109 111->76 112 f70145-f7015b 111->112 112->103 113 f7015d-f7015f 112->113 114 f70163-f70166 113->114 115 f701bc 114->115 116 f70168-f70188 call f72030 114->116 115->103 119 f70192-f70198 116->119 120 f7018a-f70190 116->120 119->103 120->114 120->119
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: J|BJ$V$VY^_$t
                                                                                                                                                                          • API String ID: 0-3701112211
                                                                                                                                                                          • Opcode ID: 649ecedf57d373cd55d1de04d7592d7dd52a918e855c75623201b3e875c5ca0f
                                                                                                                                                                          • Instruction ID: 1d93aeba3a9acc0b884730b2fa81932bf574c651acc1992cbc2d4f46230b52a5
                                                                                                                                                                          • Opcode Fuzzy Hash: 649ecedf57d373cd55d1de04d7592d7dd52a918e855c75623201b3e875c5ca0f
                                                                                                                                                                          • Instruction Fuzzy Hash: F7D1767590C3809BD310DF149590A1FBBE1AF92B48F68882DF4C98B252C776DD49EB93
                                                                                                                                                                          Function 00F6D110 Relevance: 1.7, APIs: 1, Instructions: 168COMMON
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 157 f6d110-f6d11b call fa4cc0 160 f6d121-f6d130 call f9c8d0 157->160 161 f6d2ee-f6d2f6 ExitProcess 157->161 165 f6d136-f6d15f 160->165 166 f6d2e9 call fa56e0 160->166 170 f6d196-f6d1bf 165->170 171 f6d161 165->171 166->161 172 f6d1f6-f6d20c 170->172 173 f6d1c1 170->173 174 f6d170-f6d194 call f6d300 171->174 176 f6d20e-f6d20f 172->176 177 f6d239-f6d23b 172->177 175 f6d1d0-f6d1f4 call f6d370 173->175 174->170 175->172 180 f6d210-f6d237 call f6d3e0 176->180 181 f6d286-f6d2aa 177->181 182 f6d23d-f6d25a 177->182 180->177 184 f6d2d6 call f6e8f0 181->184 185 f6d2ac-f6d2af 181->185 182->181 188 f6d25c-f6d25f 182->188 194 f6d2db-f6d2dd 184->194 189 f6d2b0-f6d2d4 call f6d490 185->189 192 f6d260-f6d284 call f6d440 188->192 189->184 192->181 194->166 197 f6d2df-f6d2e4 call f72f10 call f70b40 194->197 197->166
                                                                                                                                                                          APIs
                                                                                                                                                                          • ExitProcess.KERNEL32(00000000), ref: 00F6D2F1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ExitProcess
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 621844428-0
                                                                                                                                                                          • Opcode ID: e537891227958d9c8aeba86cec928b54a1cd2d9154abd02d4684d8c87d7b4ae6
                                                                                                                                                                          • Instruction ID: 26c4becd503815f44b7fb82d436843d3b3056a467f99674af3785c0e0c4a0787
                                                                                                                                                                          • Opcode Fuzzy Hash: e537891227958d9c8aeba86cec928b54a1cd2d9154abd02d4684d8c87d7b4ae6
                                                                                                                                                                          • Instruction Fuzzy Hash: 7C414770A0D340ABD701BB69D995A2EFBF5AF52744F148C0CE5C497212C73AD814AB67
                                                                                                                                                                          Function 00FA5700 Relevance: 1.6, APIs: 1, Instructions: 69memoryCOMMON
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 202 fa5700-fa5714 203 fa571b-fa5722 202->203 204 fa5729-fa574a 202->204 205 fa578c-fa5795 call fa31a0 202->205 206 fa57b2 202->206 207 fa57b0 202->207 208 fa5797-fa57a5 call fa3220 202->208 203->204 203->206 203->207 203->208 211 fa574c-fa574f 204->211 212 fa5776-fa578a RtlReAllocateHeap 204->212 210 fa57b4-fa57b9 205->210 206->210 207->206 208->207 215 fa5750-fa5774 call fa5b30 211->215 212->210 215->212
                                                                                                                                                                          APIs
                                                                                                                                                                          • RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 00FA5784
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                          • Opcode ID: 55c3a451ec2e9227e6b7ebe6a24d0d0e52a048a36c890a4e8f7aa62a14004284
                                                                                                                                                                          • Instruction ID: 1ba3ecdadb494646658e5924d8a97f460c5dfb578048dfe481d2619deca7d346
                                                                                                                                                                          • Opcode Fuzzy Hash: 55c3a451ec2e9227e6b7ebe6a24d0d0e52a048a36c890a4e8f7aa62a14004284
                                                                                                                                                                          • Instruction Fuzzy Hash: 2B115EB591C240EBC301AF28EC45A1BBBF5AF97B11F158928E4C49B211D339D915EBA3
                                                                                                                                                                          Function 00FA5BB0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 229 fa5bb0-fa5be2 LdrInitializeThunk
                                                                                                                                                                          APIs
                                                                                                                                                                          • LdrInitializeThunk.NTDLL(00FA973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00FA5BDE
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                          • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                                                          • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                                                                                                                          • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                                                          • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                                                                                                                                          Function 00FA695B Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 258 fa695b-fa696b call fa4a20 261 fa696d 258->261 262 fa6981-fa6a02 258->262 265 fa6970-fa697f 261->265 263 fa6a36-fa6a42 262->263 264 fa6a04 262->264 267 fa6a44-fa6a4f 263->267 268 fa6a85-fa6a9f 263->268 266 fa6a10-fa6a34 call fa73e0 264->266 265->262 265->265 266->263 270 fa6a50-fa6a57 267->270 272 fa6a59-fa6a5c 270->272 273 fa6a60-fa6a66 270->273 272->270 274 fa6a5e 272->274 273->268 275 fa6a68-fa6a7d call fa5bb0 273->275 274->268 277 fa6a82 275->277 277->268
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: @
                                                                                                                                                                          • API String ID: 0-2766056989
                                                                                                                                                                          • Opcode ID: 02e869751d6fd44e66ce866b749421ea9ca0e3bf21af0e7821d2d07305148cb5
                                                                                                                                                                          • Instruction ID: 58d51af5559946b73e3ada78ff812f4101ee6895eca4e44d0686689fb2d55c65
                                                                                                                                                                          • Opcode Fuzzy Hash: 02e869751d6fd44e66ce866b749421ea9ca0e3bf21af0e7821d2d07305148cb5
                                                                                                                                                                          • Instruction Fuzzy Hash: 2D3198B1A083058FD718EF14C89072BB7F2EF86344F18891CE5C6D7261E7399904EB56
                                                                                                                                                                          Function 00F7049B Relevance: .3, Instructions: 264COMMON
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 278 f7049b-f70515 call f6c9f0 282 f70417-f70430 278->282 283 f70356 278->283 284 f70393-f70397 278->284 285 f70472-f70477 278->285 286 f70311-f70332 278->286 287 f70370-f7037e 278->287 288 f703d0-f703d7 278->288 289 f7035f-f70367 278->289 290 f703be 278->290 291 f703de-f703e3 278->291 292 f7051c-f7051e 278->292 293 f7045b-f70469 call fa5700 278->293 294 f703fb-f70414 278->294 295 f70339-f7034f 278->295 296 f70227-f7023b 278->296 297 f70246-f70260 278->297 298 f70386-f7038c 278->298 299 f70242-f70244 278->299 300 f70482-f70484 278->300 301 f70440-f70458 call fa5700 278->301 302 f70480 278->302 303 f703ec-f703f4 278->303 304 f70308-f7030c 278->304 282->301 283->289 312 f703a0-f703b7 284->312 285->302 286->282 286->283 286->284 286->285 286->287 286->288 286->289 286->290 286->291 286->293 286->294 286->295 286->298 286->300 286->301 286->302 286->303 287->298 288->282 288->284 288->285 288->291 288->294 288->298 288->300 288->302 288->303 289->287 290->288 291->303 311 f70520-f70b30 292->311 293->285 294->282 295->282 295->283 295->284 295->285 295->287 295->288 295->289 295->290 295->291 295->293 295->294 295->298 295->300 295->301 295->302 295->303 296->282 296->283 296->284 296->285 296->286 296->287 296->288 296->289 296->290 296->291 296->293 296->294 296->295 296->297 296->298 296->299 296->300 296->301 296->302 296->303 296->304 306 f70294 297->306 307 f70262 297->307 298->284 298->285 298->300 298->302 305 f70296-f702bd 299->305 309 f7048d-f70496 300->309 301->293 303->284 303->285 303->294 303->300 303->302 304->309 314 f702bf 305->314 315 f702ea-f70301 305->315 306->305 313 f70270-f70292 call f72eb0 307->313 309->311 312->282 312->284 312->285 312->288 312->290 312->291 312->293 312->294 312->298 312->300 312->301 312->302 312->303 313->306 325 f702c0-f702e8 call f72e70 314->325 315->282 315->283 315->284 315->285 315->286 315->287 315->288 315->289 315->290 315->291 315->293 315->294 315->295 315->298 315->300 315->301 315->302 315->303 315->304 325->315
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 0163ab6d79da1a2dcdb567fa72231d011640992d421ff82fa5a0dadfc31aca76
                                                                                                                                                                          • Instruction ID: f551b154255aa635bdc09582c2339f52de732a72e9d2e7602290464ec8454d77
                                                                                                                                                                          • Opcode Fuzzy Hash: 0163ab6d79da1a2dcdb567fa72231d011640992d421ff82fa5a0dadfc31aca76
                                                                                                                                                                          • Instruction Fuzzy Hash: E5917D75200B04CFD724CF65D894A17B7F6FF89310B158A6DE8968B6A2DB30F819EB50
                                                                                                                                                                          Function 00F70228 Relevance: .2, Instructions: 218COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: a61225f351ca5a9016f31d2015d91d322db6e07704a7a379d8a36710848f9b41
                                                                                                                                                                          • Instruction ID: 8c303d492e8182b62d65c429d65ca87eafdbc62bf63ce859b965f0288728b14d
                                                                                                                                                                          • Opcode Fuzzy Hash: a61225f351ca5a9016f31d2015d91d322db6e07704a7a379d8a36710848f9b41
                                                                                                                                                                          • Instruction Fuzzy Hash: D9716A75200705DFD7248F60EC94B26B7F6FF4A310F15C969E8868B662CB31A819EB50
                                                                                                                                                                          Function 00FA99D0 Relevance: .1, Instructions: 143COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 1ddb91a4d273d7692e1fdb6fef79640110cb37184a0b8159a792843deca0b625
                                                                                                                                                                          • Instruction ID: fb84d4c41012817bcc194605a5463de275b19afa4e4974f30b9eba9b5deb2810
                                                                                                                                                                          • Opcode Fuzzy Hash: 1ddb91a4d273d7692e1fdb6fef79640110cb37184a0b8159a792843deca0b625
                                                                                                                                                                          • Instruction Fuzzy Hash: 1841D47460C3049BD714DF15D890B2BF7E5EBC6B60F24882DF58587251D379E800EB62
                                                                                                                                                                          Function 00FA63B8 Relevance: .1, Instructions: 99COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                          • Opcode ID: 0d5d8c7e2c6ee841efe48817471f811c22e8946f6ec209cf135dc52a1186bfa3
                                                                                                                                                                          • Instruction ID: c9b50aa69ed914212ce7532b74d38779910b02b9a4abcf61bd62e072504f5a89
                                                                                                                                                                          • Opcode Fuzzy Hash: 0d5d8c7e2c6ee841efe48817471f811c22e8946f6ec209cf135dc52a1186bfa3
                                                                                                                                                                          • Instruction Fuzzy Hash: 3931E6B0649301BBDA24DB04CD81F3AB7A6FB96B61F78850CF5C19B2D1D370A811AB52
                                                                                                                                                                          Function 00F70EEC Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 1726c8e90ac5238ffa55a6dd1cb10881c6c22c4a479b2028081454fab42aa3c6
                                                                                                                                                                          • Instruction ID: 2bbcb155f510d3392c7477d3124f3d5626c043379ba1c51299a9deb80f34c185
                                                                                                                                                                          • Opcode Fuzzy Hash: 1726c8e90ac5238ffa55a6dd1cb10881c6c22c4a479b2028081454fab42aa3c6
                                                                                                                                                                          • Instruction Fuzzy Hash: 51213CB490021ADFEB15CF94CC90BBEBBB2FF46304F148819E415BB292C735A911DB65
                                                                                                                                                                          Function 00FA3220 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 219 fa3220-fa322f 220 fa32ac-fa32b0 219->220 221 fa32a2-fa32a6 RtlFreeHeap 219->221 222 fa32a0 219->222 223 fa3236-fa3252 219->223 221->220 222->221 224 fa3286-fa3296 223->224 225 fa3254 223->225 224->222 226 fa3260-fa3284 call fa5af0 225->226 226->224
                                                                                                                                                                          APIs
                                                                                                                                                                          • RtlFreeHeap.NTDLL(?,00000000), ref: 00FA32A6
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FreeHeap
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3298025750-0
                                                                                                                                                                          • Opcode ID: 74fbba455f02f2093e9232b602a25ebaf1df24e423fbff0889143491d6d0f790
                                                                                                                                                                          • Instruction ID: 70a30ceeadc94e29e5948d461721498655702bd0e56456090bc93902c12236ad
                                                                                                                                                                          • Opcode Fuzzy Hash: 74fbba455f02f2093e9232b602a25ebaf1df24e423fbff0889143491d6d0f790
                                                                                                                                                                          • Instruction Fuzzy Hash: 28016D7454D2409BC701EF18E895A1ABBE8EF4AB00F05491CE5C58B361D335ED64EFA2
                                                                                                                                                                          Function 00FA3202 Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON
                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          • Executed
                                                                                                                                                                          • Not Executed
                                                                                                                                                                          control_flow_graph 230 fa3202-fa3211 RtlAllocateHeap
                                                                                                                                                                          APIs
                                                                                                                                                                          • RtlAllocateHeap.NTDLL(?,00000000), ref: 00FA3208
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                          • Opcode ID: da6478e5d744ea4dc4956d3392dbb744987e4fbad7d9d4a22a62b457f2d86483
                                                                                                                                                                          • Instruction ID: 43c649181538cc5abf92cc462d23ff023d7e602df039e85ca6014c710623f426
                                                                                                                                                                          • Opcode Fuzzy Hash: da6478e5d744ea4dc4956d3392dbb744987e4fbad7d9d4a22a62b457f2d86483
                                                                                                                                                                          • Instruction Fuzzy Hash: C8B012300400005FDA081B00EC0AF003510EB00605F900190A100040B1E5615865D955

                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                          Function 00F923E0 Relevance: 33.0, APIs: 4, Strings: 13, Instructions: 3298COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C$#v
                                                                                                                                                                          • API String ID: 0-2260822535
                                                                                                                                                                          • Opcode ID: 55fe2a62f2dc24114e4039a388f2aaa5ce35e63fd33363b474649eabd7465456
                                                                                                                                                                          • Instruction ID: 6353364ac3d2fb3b912eb25bbf8196ee78d6865b2108c667fc7278171e2caa02
                                                                                                                                                                          • Opcode Fuzzy Hash: 55fe2a62f2dc24114e4039a388f2aaa5ce35e63fd33363b474649eabd7465456
                                                                                                                                                                          • Instruction Fuzzy Hash: 0B33CE70504B818FEB658F38C590B62BBE1BF16304F58499DD4DA8BB92C735F806DBA1
                                                                                                                                                                          Function 00F7DB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                          • String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
                                                                                                                                                                          • API String ID: 2994545307-1418943773
                                                                                                                                                                          • Opcode ID: 1c1d8720bdf092bb5bbacd1ef40fc12fe0ce1f2b765807e1478f045570df2e21
                                                                                                                                                                          • Instruction ID: b1b236dd5a453b000016a428fc3c4bbf7175ec934537e8b29650dc053349ca31
                                                                                                                                                                          • Opcode Fuzzy Hash: 1c1d8720bdf092bb5bbacd1ef40fc12fe0ce1f2b765807e1478f045570df2e21
                                                                                                                                                                          • Instruction Fuzzy Hash: 06F278B19093819BD770CF14C884BABBBE2BFD5314F54886EE4C98B251D7359884EB93
                                                                                                                                                                          Function 00F89F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
                                                                                                                                                                          • API String ID: 0-1131134755
                                                                                                                                                                          • Opcode ID: 7716f2cb137f9a3657c551c3ed182137faebd95c8c51e397054676804525fea1
                                                                                                                                                                          • Instruction ID: b2b4db3ee6d051da96e14a06fdc1e71a6cb5db7a4dee37c988073f25bdce7c14
                                                                                                                                                                          • Opcode Fuzzy Hash: 7716f2cb137f9a3657c551c3ed182137faebd95c8c51e397054676804525fea1
                                                                                                                                                                          • Instruction Fuzzy Hash: B152C6B444D385CAE270CF25D581B8EBAF1BB92740F608A1DE2ED9B255DBB08045DF93
                                                                                                                                                                          Function 00F89510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
                                                                                                                                                                          • API String ID: 0-655414846
                                                                                                                                                                          • Opcode ID: 2d8102347eb769250fcea105a6e2f8baf5e87ee8954be936eea4a84fd8c882f5
                                                                                                                                                                          • Instruction ID: ff43b2107bded93f0bf14dc0ab0101a834a60ee4df5da1096fc1fa1f43ba8686
                                                                                                                                                                          • Opcode Fuzzy Hash: 2d8102347eb769250fcea105a6e2f8baf5e87ee8954be936eea4a84fd8c882f5
                                                                                                                                                                          • Instruction Fuzzy Hash: 2CF150B0508384ABD310EF15D881A6BBBF4FB86B48F184D1CF4D59B252D378D908EB96
                                                                                                                                                                          Function 00F8DD29 Relevance: 14.9, Strings: 11, Instructions: 1142COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
                                                                                                                                                                          • API String ID: 0-1557708024
                                                                                                                                                                          • Opcode ID: 96eb23e41bc61d55ab33cb0ab3859a17e9cdb79e1f9c6d20ebc14470fdc305ce
                                                                                                                                                                          • Instruction ID: 2989eb49887afa6444fd1c61cac0b68d41ee47fac24042cd98a32b14708cad5c
                                                                                                                                                                          • Opcode Fuzzy Hash: 96eb23e41bc61d55ab33cb0ab3859a17e9cdb79e1f9c6d20ebc14470fdc305ce
                                                                                                                                                                          • Instruction Fuzzy Hash: 4D92D371E00219CFDB14DF68D8917AEBBB2FF49320F298268E455AB391D735AD01DB90
                                                                                                                                                                          Function 00F8098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
                                                                                                                                                                          • API String ID: 0-4102007303
                                                                                                                                                                          • Opcode ID: 24d7629e4e50c3898bdf4fa73fb8b400cc078d7a1931b914c217418d675c1d1d
                                                                                                                                                                          • Instruction ID: 7bc727a4cb10424b2b442d3aa781464a33b9fc2ce8dcdabed6b3b32b381646c3
                                                                                                                                                                          • Opcode Fuzzy Hash: 24d7629e4e50c3898bdf4fa73fb8b400cc078d7a1931b914c217418d675c1d1d
                                                                                                                                                                          • Instruction Fuzzy Hash: 2D62B9B1A083818BD730DF14C891BABB7E1FF96314F084A2DE49A8B641E7799845DF53
                                                                                                                                                                          Function 00F61000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
                                                                                                                                                                          • API String ID: 0-2517803157
                                                                                                                                                                          • Opcode ID: 3a17f352f553c736b7b78529ced71b5013f1220474b27351d9d1eff6a2e78011
                                                                                                                                                                          • Instruction ID: 11dab4059347087ebb64cb76dd066bf4c75bd5378f4be28eacddcf848b58795c
                                                                                                                                                                          • Opcode Fuzzy Hash: 3a17f352f553c736b7b78529ced71b5013f1220474b27351d9d1eff6a2e78011
                                                                                                                                                                          • Instruction Fuzzy Hash: AED20571A087418FD718CE28C89436ABBE2AFD5324F18CA2DE499C7391D774DD45EB82
                                                                                                                                                                          Function 01125133 Relevance: 10.3, Strings: 7, Instructions: 1594COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: hn{$40|$CkM$Fk~O$VW$Wlk$]|
                                                                                                                                                                          • API String ID: 0-264632453
                                                                                                                                                                          • Opcode ID: 03e2d64dfeb962ee7927dd3dac38871bbb5adc4cd5d5081525cb84c8038bbca7
                                                                                                                                                                          • Instruction ID: f3461826a35ec8eabfb5bdd9cab5830578c2c460b2326dc81710f81dcf2f182b
                                                                                                                                                                          • Opcode Fuzzy Hash: 03e2d64dfeb962ee7927dd3dac38871bbb5adc4cd5d5081525cb84c8038bbca7
                                                                                                                                                                          • Instruction Fuzzy Hash: 24B206F3A0C2049FE3046E29EC8577ABBE9EF94320F1A493DE6C4C3744EA7558418697
                                                                                                                                                                          Function 0112BB5E Relevance: 9.1, Strings: 6, Instructions: 1576COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: a9o$475?$U- $o3~$o3~$|_
                                                                                                                                                                          • API String ID: 0-1063967447
                                                                                                                                                                          • Opcode ID: ca26dbbbac3ade2fbe9bed2194e853bda557ab15b59d8d3db958370da60c197b
                                                                                                                                                                          • Instruction ID: 9545de4b19bd47ad7a478922e21961427561a1a102826ad8cee35bd60cbd3871
                                                                                                                                                                          • Opcode Fuzzy Hash: ca26dbbbac3ade2fbe9bed2194e853bda557ab15b59d8d3db958370da60c197b
                                                                                                                                                                          • Instruction Fuzzy Hash: 73A209F360C2049FE3046E2DEC8567AFBE9EF94320F16493DE6C587744EA3658058697
                                                                                                                                                                          Function 0112D8AA Relevance: 8.9, Strings: 6, Instructions: 1360COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: YGa$ ~r~$%Vu~$UJwq$Gm]$W}{
                                                                                                                                                                          • API String ID: 0-1855531126
                                                                                                                                                                          • Opcode ID: 0647e318fccc3a6054e613e9e14f244bd54e7d296cd0c4499736e6b6e3a5d190
                                                                                                                                                                          • Instruction ID: 952e28887bdfb456c87ad2cff823439a7b680e9440b5e1bdd5a21fd25513669a
                                                                                                                                                                          • Opcode Fuzzy Hash: 0647e318fccc3a6054e613e9e14f244bd54e7d296cd0c4499736e6b6e3a5d190
                                                                                                                                                                          • Instruction Fuzzy Hash: D99219F360C2049FE304AE2DEC8577AB7EAEBD8320F1A863DE6C5C3744E93559058656
                                                                                                                                                                          Function 00F612F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 0$0$0$@$i
                                                                                                                                                                          • API String ID: 0-3124195287
                                                                                                                                                                          • Opcode ID: fc09cfb15569b2aeed6a0966cbd6415b14b081077ee6d0b5ae6385f64a999955
                                                                                                                                                                          • Instruction ID: 69586bad15b9584c6b84809b4be8adae57d688de914c6db9bd3b34cbde2c2155
                                                                                                                                                                          • Opcode Fuzzy Hash: fc09cfb15569b2aeed6a0966cbd6415b14b081077ee6d0b5ae6385f64a999955
                                                                                                                                                                          • Instruction Fuzzy Hash: BF62D171A0C7818BC318CF28C49076ABBE1BFD5354F188A2DE8D987291D775DD49EB82
                                                                                                                                                                          Function 00F6164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                                                                          • API String ID: 0-1123320326
                                                                                                                                                                          • Opcode ID: 23e87f901790de0fc3903cf7ef860fedaeaf42c6294c2cb712f80fcbcff42a44
                                                                                                                                                                          • Instruction ID: 32d90cd9cdcea7caf50c83fb3889dce0624ea765c0a2b49a4e28bd6367f7b2eb
                                                                                                                                                                          • Opcode Fuzzy Hash: 23e87f901790de0fc3903cf7ef860fedaeaf42c6294c2cb712f80fcbcff42a44
                                                                                                                                                                          • Instruction Fuzzy Hash: 23F1CF31A0C7818FC715CE28C48436AFBE2AFD9314F188A6DE4D987356D734D948EB92
                                                                                                                                                                          Function 00F613A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                                                                          • API String ID: 0-3620105454
                                                                                                                                                                          • Opcode ID: 1d9f7eceb5c699648253c3625b252cb0174b52613016859109736057c46f3670
                                                                                                                                                                          • Instruction ID: d928baaea5d6199be313fc7128e75dfc002847dbdee26c7a5659c58ca28e8a96
                                                                                                                                                                          • Opcode Fuzzy Hash: 1d9f7eceb5c699648253c3625b252cb0174b52613016859109736057c46f3670
                                                                                                                                                                          • Instruction Fuzzy Hash: 46D19F3160C7828FC715CE29C48426AFBE2AFD9314F08CA6DE4D987356D734D949DB52
                                                                                                                                                                          Function 01120169 Relevance: 6.6, Strings: 4, Instructions: 1623COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: g w$wes.$ww$"Ct
                                                                                                                                                                          • API String ID: 0-851336537
                                                                                                                                                                          • Opcode ID: b19c72d2fcb8bafa135050fbbcf189cf3d17acd97e4be799ead76e3cde966940
                                                                                                                                                                          • Instruction ID: 55cb8acabba6c8cc28f98ee8e84a61def095d91ea678467469b675e4f60afcbc
                                                                                                                                                                          • Opcode Fuzzy Hash: b19c72d2fcb8bafa135050fbbcf189cf3d17acd97e4be799ead76e3cde966940
                                                                                                                                                                          • Instruction Fuzzy Hash: 4CB227F3A0C2109FE704AE2DEC8577AB7E9EF94720F1A493DE6C4C3744EA3558058696
                                                                                                                                                                          Function 01123713 Relevance: 6.6, Strings: 4, Instructions: 1587COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: GozL$efC$Le$d]
                                                                                                                                                                          • API String ID: 0-3424822483
                                                                                                                                                                          • Opcode ID: 965db027f0081e7009d804edd0ccebfe18affafef280804da781d54340db1b77
                                                                                                                                                                          • Instruction ID: 489a3f30e21a0a9a839e9a6d0143d35dd59eaa96c1f79f869259651a051cf20b
                                                                                                                                                                          • Opcode Fuzzy Hash: 965db027f0081e7009d804edd0ccebfe18affafef280804da781d54340db1b77
                                                                                                                                                                          • Instruction Fuzzy Hash: C8B207F3A082109FE7046E2DEC8567AFBE9EF94720F1A493DEAC5C3740E67558108697
                                                                                                                                                                          Function 01126C02 Relevance: 6.5, Strings: 4, Instructions: 1510COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: #pN3$'P?-$DD;W$x:z
                                                                                                                                                                          • API String ID: 0-2636466378
                                                                                                                                                                          • Opcode ID: 36d6f438a678925316975e33aae0e29e47d2d9f8ab191c639bcbd6e3c8172af6
                                                                                                                                                                          • Instruction ID: 1c1eefebab15d694ffa278dd6f7077ca22abc8a0bcf7a78769270468e9b2e3e3
                                                                                                                                                                          • Opcode Fuzzy Hash: 36d6f438a678925316975e33aae0e29e47d2d9f8ab191c639bcbd6e3c8172af6
                                                                                                                                                                          • Instruction Fuzzy Hash: EFA2E4F36082009FE7046E2DEC8567AFBE9EFD4720F1A893DE6C487344E63598158697
                                                                                                                                                                          Function 00F8FD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: :$NA_I$m1s3$uvw
                                                                                                                                                                          • API String ID: 0-3973114637
                                                                                                                                                                          • Opcode ID: a3655772acf72143a6253c00b1ce1aa1f12e384549f26dfc7af6322904cbbde8
                                                                                                                                                                          • Instruction ID: 14b0bc2f245c0e2f5096d1d7646886fadae8db9e4834f6541c3e2cd8c6145730
                                                                                                                                                                          • Opcode Fuzzy Hash: a3655772acf72143a6253c00b1ce1aa1f12e384549f26dfc7af6322904cbbde8
                                                                                                                                                                          • Instruction Fuzzy Hash: CF32BCB1908380DFE710DF28D890B2ABBE5BB86350F544A2CF5D58B262D739D905EF52
                                                                                                                                                                          Function 00F73BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: %*+($;z$p$ss
                                                                                                                                                                          • API String ID: 0-2391135358
                                                                                                                                                                          • Opcode ID: 5c703b4d8f3aa468a9786c8377822e2291c433177f553fc8afd8c894d8ad8add
                                                                                                                                                                          • Instruction ID: 916cfa486e22b1bb568ad79fc9d6dca0f950e5573291fe1ca0b9d611f9317d58
                                                                                                                                                                          • Opcode Fuzzy Hash: 5c703b4d8f3aa468a9786c8377822e2291c433177f553fc8afd8c894d8ad8add
                                                                                                                                                                          • Instruction Fuzzy Hash: 58026CB4810700EFD760EF24D986756BFF1FB02700F50895DE89A8B656E334A819DFA2
                                                                                                                                                                          Function 00F82260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: a|$hu$lc$sj
                                                                                                                                                                          • API String ID: 0-3748788050
                                                                                                                                                                          • Opcode ID: bedf8e2b2c282e33af7fbbf754ffd2d0be9063c2b281995b543f895c61624189
                                                                                                                                                                          • Instruction ID: 58aa0cad3c35542e52c806414d4f32374750a7b09ec014a88cb96c4efe7908b6
                                                                                                                                                                          • Opcode Fuzzy Hash: bedf8e2b2c282e33af7fbbf754ffd2d0be9063c2b281995b543f895c61624189
                                                                                                                                                                          • Instruction Fuzzy Hash: E0A19174808341CBC750EF18C891A6BB7F0FF95764F588A0CE8D59B291E339E941DBA6
                                                                                                                                                                          Function 00F8D7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: #'$CV$KV$T>
                                                                                                                                                                          • API String ID: 0-95592268
                                                                                                                                                                          • Opcode ID: f15e702b0aae03fb298b034ecfe24dfdd670971a5dcf1917beef7f5767fca129
                                                                                                                                                                          • Instruction ID: 7ef11854497945a92ac8706e1b63665927fa96fa8eea63d5db09e5c4bc951928
                                                                                                                                                                          • Opcode Fuzzy Hash: f15e702b0aae03fb298b034ecfe24dfdd670971a5dcf1917beef7f5767fca129
                                                                                                                                                                          • Instruction Fuzzy Hash: 978157B48017459FDB20EF95D6855AEBFB1FF12300F60460CE486ABA95C334AA55CFE2
                                                                                                                                                                          Function 00F8AC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: (g6e$,{*y$4c2a$lk
                                                                                                                                                                          • API String ID: 0-1327526056
                                                                                                                                                                          • Opcode ID: b355fe0fa02892719b0f637328f897b5136b8c04c404036b4f962d7f28c41c84
                                                                                                                                                                          • Instruction ID: d69204932a4f2f087f53582c51a9b10b2873b4d03ec31b2106a4cb93765b2083
                                                                                                                                                                          • Opcode Fuzzy Hash: b355fe0fa02892719b0f637328f897b5136b8c04c404036b4f962d7f28c41c84
                                                                                                                                                                          • Instruction Fuzzy Hash: 9C4194B5808381CBD720AF20D840BABB7F0FF86345F54995EE5C897260EB36D944DB96
                                                                                                                                                                          Function 00F8C470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: %*+($%*+($~/i!
                                                                                                                                                                          • API String ID: 0-4033100838
                                                                                                                                                                          • Opcode ID: 148345a2ef364188aebcf66335174ba843acb21184643e04885848fdc7be81db
                                                                                                                                                                          • Instruction ID: 8227fb126fa338f9deddcbbbc443c89869f4301efe5af01e494dc3fa689236fe
                                                                                                                                                                          • Opcode Fuzzy Hash: 148345a2ef364188aebcf66335174ba843acb21184643e04885848fdc7be81db
                                                                                                                                                                          • Instruction Fuzzy Hash: 5FE1B7B1918344DFE320AF24D881B6ABBF6FB85350F58892CE5C887251D735D814EFA2
                                                                                                                                                                          Function 00F68590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: )$)$IEND
                                                                                                                                                                          • API String ID: 0-588110143
                                                                                                                                                                          • Opcode ID: 4f631121a08607db59a96c698b541cb3eb44a2d5f15b0f6923b639ad5ebe8cb6
                                                                                                                                                                          • Instruction ID: f18483500103603289f2a443d062712851103cf972c3274470ba2f6284888b76
                                                                                                                                                                          • Opcode Fuzzy Hash: 4f631121a08607db59a96c698b541cb3eb44a2d5f15b0f6923b639ad5ebe8cb6
                                                                                                                                                                          • Instruction Fuzzy Hash: DFE1F3B1A08341AFE310CF68C84172ABBE0BF94354F144A2DF99597382DB79E915DBC2
                                                                                                                                                                          Function 0111E69A Relevance: 4.0, Strings: 2, Instructions: 1546COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: &;{$B1ir
                                                                                                                                                                          • API String ID: 0-4163449919
                                                                                                                                                                          • Opcode ID: f37a0da97fafea77c923866cb339653cab796f7170b3ca918ac69ec532241da8
                                                                                                                                                                          • Instruction ID: f5cdab09bac65bb08ed8c09afd47f6991915f5edf6b83955e3af8e200d5ee92e
                                                                                                                                                                          • Opcode Fuzzy Hash: f37a0da97fafea77c923866cb339653cab796f7170b3ca918ac69ec532241da8
                                                                                                                                                                          • Instruction Fuzzy Hash: 44B2E5F3A0C2049FE304AE29EC8567AFBE9EF94720F16493DE6C583744EA3558058797
                                                                                                                                                                          Function 00FA4040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: %*+($f
                                                                                                                                                                          • API String ID: 0-2038831151
                                                                                                                                                                          • Opcode ID: f4dd3e2f78341426ebbdf7673605429e4d4954524ee3ffc2f0a64cdec2369a74
                                                                                                                                                                          • Instruction ID: 197bbd5f268cf18f31e3b83f0de90f6d621cacbb5de07621cee803dc0cf30e94
                                                                                                                                                                          • Opcode Fuzzy Hash: f4dd3e2f78341426ebbdf7673605429e4d4954524ee3ffc2f0a64cdec2369a74
                                                                                                                                                                          • Instruction Fuzzy Hash: 8912AEB1A083419FC715CF18C880B2EBBE5FBCA314F188A2CF49497291D7B5E945DB92
                                                                                                                                                                          Function 00F9F620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: dg$hi
                                                                                                                                                                          • API String ID: 0-2859417413
                                                                                                                                                                          • Opcode ID: e4357c5a0845af562e5726cf4028e2ffa1d916057710dd59cc1629e1886d75b4
                                                                                                                                                                          • Instruction ID: 1226bb2f24f118a9ed54b119bcec5b2b861383caed5aa25ccf4df6cf3073f3aa
                                                                                                                                                                          • Opcode Fuzzy Hash: e4357c5a0845af562e5726cf4028e2ffa1d916057710dd59cc1629e1886d75b4
                                                                                                                                                                          • Instruction Fuzzy Hash: CDF18371618341EFEB04CF24D891B2ABBF6FB86355F149A2CF1858B2A1C739D845DB12
                                                                                                                                                                          Function 00F635B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: Inf$NaN
                                                                                                                                                                          • API String ID: 0-3500518849
                                                                                                                                                                          • Opcode ID: e699fb22ced7a3e76b343ee9e391ccdad27f4a4b6290d1a4582cd41c83839309
                                                                                                                                                                          • Instruction ID: 4131b692b4d00fab12fd2717cc28322f7d7448b21bd6d3018055b2be1616a904
                                                                                                                                                                          • Opcode Fuzzy Hash: e699fb22ced7a3e76b343ee9e391ccdad27f4a4b6290d1a4582cd41c83839309
                                                                                                                                                                          • Instruction Fuzzy Hash: 54D1E6B2E083119BC704CF68C98065EBBE1EFC8750F158A2DF99997391E675DD04AB82
                                                                                                                                                                          Function 00F7FFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: BaBc$Ye[g
                                                                                                                                                                          • API String ID: 0-286865133
                                                                                                                                                                          • Opcode ID: 0823f3e96d9c8bda2f60d59886373cdb9a794de5cd5c1ac2c2162a177ed8055e
                                                                                                                                                                          • Instruction ID: f720af3b1b7178c9883fdab11bdcd100f2a6269739bd949ab5603f170a4b0b29
                                                                                                                                                                          • Opcode Fuzzy Hash: 0823f3e96d9c8bda2f60d59886373cdb9a794de5cd5c1ac2c2162a177ed8055e
                                                                                                                                                                          • Instruction Fuzzy Hash: 7051CCB2A083818BD331EF14C881BABB7E0FF96320F58491DE4DA8B651E7749944DB57
                                                                                                                                                                          Function 00F65160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: %1.17g
                                                                                                                                                                          • API String ID: 0-1551345525
                                                                                                                                                                          • Opcode ID: ee3ea543652a2524819766b2ae5a4b609832a75507f28be02114a3223c28c75f
                                                                                                                                                                          • Instruction ID: 09c30d9fb6cd8740d4ec06f4c631022742f15623ccad5cdb9035c51f10be2004
                                                                                                                                                                          • Opcode Fuzzy Hash: ee3ea543652a2524819766b2ae5a4b609832a75507f28be02114a3223c28c75f
                                                                                                                                                                          • Instruction Fuzzy Hash: C622F5B2E08B46CBE7158E18D940326BBE3AFE1B24F1D856DD8996B341EB71DC04E741
                                                                                                                                                                          Function 00F912D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: "
                                                                                                                                                                          • API String ID: 0-123907689
                                                                                                                                                                          • Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                                                                          • Instruction ID: 42dd280416ce2ca305ca7a80ca3a26c20558bb6e98b82e40ab0be66b70b50b9a
                                                                                                                                                                          • Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                                                                          • Instruction Fuzzy Hash: 13F11871E083425FEB24CE28C85066BBBE5BFC5350F19897DE89987382D634DD05E792
                                                                                                                                                                          Function 00F8AE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: %*+(
                                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                                          • Opcode ID: 79f3bf3584e903e61b8b9124ed04243a62ba10a4db0e845f2b2e96b1095cecdb
                                                                                                                                                                          • Instruction ID: 9b712aa6e748c0ddc966685a18bab179ab74a50470760a6838ffa6766df5e9c5
                                                                                                                                                                          • Opcode Fuzzy Hash: 79f3bf3584e903e61b8b9124ed04243a62ba10a4db0e845f2b2e96b1095cecdb
                                                                                                                                                                          • Instruction Fuzzy Hash: F3E1AD71508306CBC714EF28C8905AEB7E2FF99791F648A1CE4C587220E335E959EB92
                                                                                                                                                                          Function 00F76EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: %*+(
                                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                                          • Opcode ID: 50384a32043e563554d628188d7755e5ff4ac027006bf108152101dc49643c04
                                                                                                                                                                          • Instruction ID: fedffd359a0baecf84db0d2896b50bc0690a83a3b38b58cfdf180b9fb0493492
                                                                                                                                                                          • Opcode Fuzzy Hash: 50384a32043e563554d628188d7755e5ff4ac027006bf108152101dc49643c04
                                                                                                                                                                          • Instruction Fuzzy Hash: C3F1B0B5A00A05CFC725DF64D891A26B3F2FF49324B14892EE48BC7691EB34F815EB41
                                                                                                                                                                          Function 00F87E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: %*+(
                                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                                          • Opcode ID: fd0082f224cecd42d5dc210125fd0fec4aa0aefee6beaf49bc3c828cb8b03680
                                                                                                                                                                          • Instruction ID: d109c2c886a7a9449975223742ef86574f18a93267e2895dff143c407e593ba9
                                                                                                                                                                          • Opcode Fuzzy Hash: fd0082f224cecd42d5dc210125fd0fec4aa0aefee6beaf49bc3c828cb8b03680
                                                                                                                                                                          • Instruction Fuzzy Hash: 5FC1C071908300ABD710BB14CC82A6BB7F5EF957A4F588818F8C597251EB35DC06EBA2
                                                                                                                                                                          Function 00F88D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: %*+(
                                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                                          • Opcode ID: 99278a534d352dc8ed8782c8157eaeb7be2d61a970f785993a32b316b8ae875a
                                                                                                                                                                          • Instruction ID: 3c3f1af5d755a10752c81e521d39985e008a1cdbba6c88fa89e1962c1ba2e47d
                                                                                                                                                                          • Opcode Fuzzy Hash: 99278a534d352dc8ed8782c8157eaeb7be2d61a970f785993a32b316b8ae875a
                                                                                                                                                                          • Instruction Fuzzy Hash: F0D1EC70618306DFD704EF68DC80A6AB7E5FF89310F59896CE88687291DB34E801EF51
                                                                                                                                                                          Function 00FA7FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: P
                                                                                                                                                                          • API String ID: 0-3110715001
                                                                                                                                                                          • Opcode ID: d6f2bdc1eff158646c0ad3ffa5cf9443883176bcd67e3347dec18caf859f0496
                                                                                                                                                                          • Instruction ID: b35cdaccd89a4e3e2354f017546c3a95192e0f3af21bc31e304ccd02ca9e4f17
                                                                                                                                                                          • Opcode Fuzzy Hash: d6f2bdc1eff158646c0ad3ffa5cf9443883176bcd67e3347dec18caf859f0496
                                                                                                                                                                          • Instruction Fuzzy Hash: 92D109B29083654FC725CE18D49071EB7E1EB86758F198A2CE8B5AB381CBB5DC06D7C1
                                                                                                                                                                          Function 00F8CCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                          • String ID: %*+(
                                                                                                                                                                          • API String ID: 2994545307-3233224373
                                                                                                                                                                          • Opcode ID: 0c7f3096c9e63b769b2a8c6a94021050f83fe812796d3822195ace10107a534b
                                                                                                                                                                          • Instruction ID: 875ec8dd66f9aa465f36dc388b1106430d93c80eda2472a2668eeae0f4c66e79
                                                                                                                                                                          • Opcode Fuzzy Hash: 0c7f3096c9e63b769b2a8c6a94021050f83fe812796d3822195ace10107a534b
                                                                                                                                                                          • Instruction Fuzzy Hash: 98B1F271A083058BD714FF64D880B6BBBE2EF85350F14492CE5C58B291E335E855EBE2
                                                                                                                                                                          Function 00F6A850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: ,
                                                                                                                                                                          • API String ID: 0-3772416878
                                                                                                                                                                          • Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                                                                          • Instruction ID: a3cd7d92f1674ea81a732fc0e471ebb1bbdd8c342e785745ff781f37989ac90e
                                                                                                                                                                          • Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                                                                          • Instruction Fuzzy Hash: D2B138715083819FD325CF28C88061BFBE1AFA9704F548A2DF5D997742D231EA18CBA7
                                                                                                                                                                          Function 00F9FC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: %*+(
                                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                                          • Opcode ID: 99e66b563e1ddc7927be103dd565776c2fcc45a230d564283de497fee04be82e
                                                                                                                                                                          • Instruction ID: 9f04366e87e3c73bc79cf417aca339a8f30a341a3eafc00097f7f508e1cad758
                                                                                                                                                                          • Opcode Fuzzy Hash: 99e66b563e1ddc7927be103dd565776c2fcc45a230d564283de497fee04be82e
                                                                                                                                                                          • Instruction Fuzzy Hash: 0E81D0B1A18304EBEB10EF54DC84B2AB7E5FB8A705F14892CF584C7251D735D918EBA2
                                                                                                                                                                          Function 00F7D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: %*+(
                                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                                          • Opcode ID: c68531bb19b10fe03a5a58256031f1fa24744df79acbadd6f153145b73fabc8f
                                                                                                                                                                          • Instruction ID: 6146d2560f194dd9711917de404477c07f810d73ccec0ceb94e9d59aaf91e8df
                                                                                                                                                                          • Opcode Fuzzy Hash: c68531bb19b10fe03a5a58256031f1fa24744df79acbadd6f153145b73fabc8f
                                                                                                                                                                          • Instruction Fuzzy Hash: 0961F1B2908204DBD710EF58DC82A3BB3B4FF95354F484929F8899B251E735E910EB92
                                                                                                                                                                          Function 00FA4A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: %*+(
                                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                                          • Opcode ID: 7c38d53317a3c6d848184e9ac73321f60ef7d2b27da742cf2028cbd24d30e050
                                                                                                                                                                          • Instruction ID: 1c8963875284a1a51daaa6204b6b6f6739b4705b826c6de5fae8719dde966b6a
                                                                                                                                                                          • Opcode Fuzzy Hash: 7c38d53317a3c6d848184e9ac73321f60ef7d2b27da742cf2028cbd24d30e050
                                                                                                                                                                          • Instruction Fuzzy Hash: B961E1B1A083059FD710DF15D880B2AB7E6EBC6760F28891CE5C987291D7B5FC01EB62
                                                                                                                                                                          Function 0109C775 Relevance: 1.5, Strings: 1, Instructions: 209COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: P9s{
                                                                                                                                                                          • API String ID: 0-37129248
                                                                                                                                                                          • Opcode ID: 20215797ec398e682f16c00f0e5824cbc99f4fc4796cc4747719258084f4c39c
                                                                                                                                                                          • Instruction ID: 49d6494e01bffdf449bfa2814c9cec1244b14d39a98c8f618da014bbed639a31
                                                                                                                                                                          • Opcode Fuzzy Hash: 20215797ec398e682f16c00f0e5824cbc99f4fc4796cc4747719258084f4c39c
                                                                                                                                                                          • Instruction Fuzzy Hash: 20515BF3B092049FE3046D2DED8477AB6D6DBD8760F27863DE68483784E93958058256
                                                                                                                                                                          Function 010A237C Relevance: 1.4, Strings: 1, Instructions: 199COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: V
                                                                                                                                                                          • API String ID: 0-3569767105
                                                                                                                                                                          • Opcode ID: 4da64fd08a2bddeffe52bda124972d1cc2f3f80a853a721cfb70054a595d464e
                                                                                                                                                                          • Instruction ID: 476606bc7d80e0523bba846a589675aebf80078b446d10cb98c6d74660147279
                                                                                                                                                                          • Opcode Fuzzy Hash: 4da64fd08a2bddeffe52bda124972d1cc2f3f80a853a721cfb70054a595d464e
                                                                                                                                                                          • Instruction Fuzzy Hash: 925139F3A182045BE3046E3DDD8432AFBD7EBD4310F2B463DCAC597784E979580A8286
                                                                                                                                                                          Function 010DBEA8 Relevance: 1.4, Strings: 1, Instructions: 178COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: "?
                                                                                                                                                                          • API String ID: 0-1403633321
                                                                                                                                                                          • Opcode ID: ad12545b04418b0504b07c538bfc229c1f8dc30f1e7aa254974596d8ffe968cb
                                                                                                                                                                          • Instruction ID: 2e867b1af471ef98a21fc71ade8539e0d8dc4c9dad156dca614388b27e8dd7b5
                                                                                                                                                                          • Opcode Fuzzy Hash: ad12545b04418b0504b07c538bfc229c1f8dc30f1e7aa254974596d8ffe968cb
                                                                                                                                                                          • Instruction Fuzzy Hash: 915144F3E147185BF3046A29EC8536AB795EB94320F2B423DDF8493784E975690886C6
                                                                                                                                                                          Function 00F6E1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 00F6E333
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                                                                                                                          • API String ID: 0-2471034898
                                                                                                                                                                          • Opcode ID: 43b535d61ee913ee5c1226272d447855bcbc9e959101bc4296d4f57aa2ae5463
                                                                                                                                                                          • Instruction ID: 60ec0843934004d11ef54d6a77d29327750a36757a2441656f53a975d0f9c81f
                                                                                                                                                                          • Opcode Fuzzy Hash: 43b535d61ee913ee5c1226272d447855bcbc9e959101bc4296d4f57aa2ae5463
                                                                                                                                                                          • Instruction Fuzzy Hash: B751273BE596904BD328893C4C663AA7EC70BE3334B3DC769E9F18B3E5D5558804A390
                                                                                                                                                                          Function 00FA3920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: %*+(
                                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                                          • Opcode ID: 5726cff7f3bc706afe2625868ad0da2a17ee7a2814fb68913cbf8d37c68ffa21
                                                                                                                                                                          • Instruction ID: 0f1f246a364f0314fdf990e90955b6bc01ba9550fee5d7728e99a84c22e00a2b
                                                                                                                                                                          • Opcode Fuzzy Hash: 5726cff7f3bc706afe2625868ad0da2a17ee7a2814fb68913cbf8d37c68ffa21
                                                                                                                                                                          • Instruction Fuzzy Hash: 9351A1B4A092009BCB24DF15D880B2AF7E6FF8A754F14891CF4C597251D779DD10EB62
                                                                                                                                                                          Function 010F6514 Relevance: 1.4, Strings: 1, Instructions: 151COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: Uw}
                                                                                                                                                                          • API String ID: 0-266473373
                                                                                                                                                                          • Opcode ID: 82167b5f421430a3b08636da7554d399fe6ad6168463f0c73c7640c8ec12b267
                                                                                                                                                                          • Instruction ID: a2228f38ba2c0077e4bd4b4fa2fb1c8cf7a0636abf7471a13379bddadfb15707
                                                                                                                                                                          • Opcode Fuzzy Hash: 82167b5f421430a3b08636da7554d399fe6ad6168463f0c73c7640c8ec12b267
                                                                                                                                                                          • Instruction Fuzzy Hash: 5141CFF39083189FE3146E69DCC177AB7E9EB54324F260A3DD6C087380EA7958408B86
                                                                                                                                                                          Function 00F71BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: L3
                                                                                                                                                                          • API String ID: 0-2730849248
                                                                                                                                                                          • Opcode ID: f05857ec538f950fc024b8da16041609082367868d066d7c828ad83d8b52b6d4
                                                                                                                                                                          • Instruction ID: 97989ed14e7599e85ad2db271a778803d8fb89935413d1723ba5f7879359973e
                                                                                                                                                                          • Opcode Fuzzy Hash: f05857ec538f950fc024b8da16041609082367868d066d7c828ad83d8b52b6d4
                                                                                                                                                                          • Instruction Fuzzy Hash: 624174B44083809BC7109F58C890A2FBBF0FF86314F08890DF5C99B291D336C9099B57
                                                                                                                                                                          Function 00F9FF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: %*+(
                                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                                          • Opcode ID: f89e1aa6dd6504379b4003ba38c200a2c3b216288fe1b52728086e5365d950b5
                                                                                                                                                                          • Instruction ID: 3da5ab20e226997519d13d8ca68f56a4c425041c6da086ffeb40e0379337da82
                                                                                                                                                                          • Opcode Fuzzy Hash: f89e1aa6dd6504379b4003ba38c200a2c3b216288fe1b52728086e5365d950b5
                                                                                                                                                                          • Instruction Fuzzy Hash: 543118F1A08305ABD610EE54EC81B2BB7E8EB83754F148928F885C7252E735DC14E7A3
                                                                                                                                                                          Function 00F8E40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 72?1
                                                                                                                                                                          • API String ID: 0-1649870076
                                                                                                                                                                          • Opcode ID: ed59e1e4e428232fa13dba3c60c804e03cdc870dc11a015f8a61f3deb021449e
                                                                                                                                                                          • Instruction ID: 7ce31e6010f014f0ec814d0bac29f31cf45e258298fe470e5052d0db206b3165
                                                                                                                                                                          • Opcode Fuzzy Hash: ed59e1e4e428232fa13dba3c60c804e03cdc870dc11a015f8a61f3deb021449e
                                                                                                                                                                          • Instruction Fuzzy Hash: 0431E6B5E00249CFDB20EF95E8D05AFB7B4FB06304F540528E486A7301D335A905EFA2
                                                                                                                                                                          Function 00F76F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: %*+(
                                                                                                                                                                          • API String ID: 0-3233224373
                                                                                                                                                                          • Opcode ID: 0aaf4c42dced34e890178ba0ba0de5b74b125538e839c089903d6322b91f37fe
                                                                                                                                                                          • Instruction ID: d49423477c9b3999f5b60dc622f2fde7a6c6880f04a38599f00ea8da08575e0c
                                                                                                                                                                          • Opcode Fuzzy Hash: 0aaf4c42dced34e890178ba0ba0de5b74b125538e839c089903d6322b91f37fe
                                                                                                                                                                          • Instruction Fuzzy Hash: F5418B75614B08DBD7319F61C990B22B7F2FB09700F24C909E58A8BA61E335F810AB11
                                                                                                                                                                          Function 00F8E66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: 72?1
                                                                                                                                                                          • API String ID: 0-1649870076
                                                                                                                                                                          • Opcode ID: b41e2fb3f79b903cdc3d79864c610436f3aa494ff6bd3094d1280f32e54557f8
                                                                                                                                                                          • Instruction ID: 24de1ccd400b610a06107725b208d0687d52a4ddc5ac73ea9643eef885e6aedd
                                                                                                                                                                          • Opcode Fuzzy Hash: b41e2fb3f79b903cdc3d79864c610436f3aa494ff6bd3094d1280f32e54557f8
                                                                                                                                                                          • Instruction Fuzzy Hash: 9221E2B1A00249CFDB20EF95D8D05AFBBB5BB0A700F54091CE486AB301C335AD01EFA2
                                                                                                                                                                          Function 00FA9CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                          • String ID: @
                                                                                                                                                                          • API String ID: 2994545307-2766056989
                                                                                                                                                                          • Opcode ID: 9f89bd3d3fcfa94fd4f806d28aad965db152d6d438c2158ea22c5e4ba30c8ed7
                                                                                                                                                                          • Instruction ID: 47649ce36eb8d0d0e4bfdc385547d486d03097d0b504c1aee5c2341527dbff68
                                                                                                                                                                          • Opcode Fuzzy Hash: 9f89bd3d3fcfa94fd4f806d28aad965db152d6d438c2158ea22c5e4ba30c8ed7
                                                                                                                                                                          • Instruction Fuzzy Hash: 9B3176B090C3049BD710EF15D880A2AFBF9FF9A324F24892CE5C997251D376D944DBA6
                                                                                                                                                                          Function 00F74E2A Relevance: 1.0, Instructions: 957COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 1cba11ca9d9729534e0df2f1cbf682875deb6b7fc466909f91d99360ca77f989
                                                                                                                                                                          • Instruction ID: 44b72b1557b283a085cb3b98fb0d5ab3b2490e6cfb3da5df663dd97939f089ee
                                                                                                                                                                          • Opcode Fuzzy Hash: 1cba11ca9d9729534e0df2f1cbf682875deb6b7fc466909f91d99360ca77f989
                                                                                                                                                                          • Instruction Fuzzy Hash: 6B625AB0900B408FD725CF24D990B27B7F6AF46714F54892ED49B8BA52E774F808DB92
                                                                                                                                                                          Function 00F6BEB0 Relevance: .9, Instructions: 895COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                                                                          • Instruction ID: 227c12494ea0112a94978e005a73357c7238dced61e25e42fb1f2e7a1c5e6e70
                                                                                                                                                                          • Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                                                                          • Instruction Fuzzy Hash: 70520932A087118BC725DF18D8403BAB3E1FFD5329F298A2DD9C693291D735A851DBC6
                                                                                                                                                                          Function 00FA8652 Relevance: .7, Instructions: 710COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 09e2b7b23b429a3e73cf4b1735d478d42b296463fd868ba689def704bcd87f62
                                                                                                                                                                          • Instruction ID: 29df406e7fa4a55ef79050051fea9f398668303b4df297fafd9b5a1a661b6317
                                                                                                                                                                          • Opcode Fuzzy Hash: 09e2b7b23b429a3e73cf4b1735d478d42b296463fd868ba689def704bcd87f62
                                                                                                                                                                          • Instruction Fuzzy Hash: 9822CB75A0C344DFCB04DF68E99062AB7E1FB8A315F098A6DE58987352C735E850EF42
                                                                                                                                                                          Function 00FA86F0 Relevance: .7, Instructions: 681COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 0963e30f1f9f6f2f94c64aa48ee5abd2fdc3b5ded16742fd4bd5f062df987af3
                                                                                                                                                                          • Instruction ID: 3f502b5063adca412fe6f35ea179133185a1ab30950256e0e858cd7fa5fb04e3
                                                                                                                                                                          • Opcode Fuzzy Hash: 0963e30f1f9f6f2f94c64aa48ee5abd2fdc3b5ded16742fd4bd5f062df987af3
                                                                                                                                                                          • Instruction Fuzzy Hash: EA22B975A0C344DFC704DF68E99062ABBE1FB8A315F098A6DE48987352C335E850EF52
                                                                                                                                                                          Function 00F6B3A0 Relevance: .7, Instructions: 670COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9f2098f65f6ffefeafa5b1be9b3c9be939c2e0c4f591b1765314f29d9ccace27
                                                                                                                                                                          • Instruction ID: 71c026dbde202cdbdffca2114546c5c5e1ff2e89c4129a9a8cc43a0914bbdb38
                                                                                                                                                                          • Opcode Fuzzy Hash: 9f2098f65f6ffefeafa5b1be9b3c9be939c2e0c4f591b1765314f29d9ccace27
                                                                                                                                                                          • Instruction Fuzzy Hash: 4752C470D08B888FE735CB24C4843A7BBE2AF91324F144D2DC5E686B82C779A9C5E751
                                                                                                                                                                          Function 00F671F0 Relevance: .7, Instructions: 657COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 907542826f48b9d05285fda8b2fee569672e1cc89f540a14ba2994d948614b60
                                                                                                                                                                          • Instruction ID: 404c46de90e268fbd9b4835b411cc758499c978776d160b6664a06cc37ce9ec6
                                                                                                                                                                          • Opcode Fuzzy Hash: 907542826f48b9d05285fda8b2fee569672e1cc89f540a14ba2994d948614b60
                                                                                                                                                                          • Instruction Fuzzy Hash: 3752D33190C3458FCB15DF28C0906AABBE1BF88318F198A6DE89957352D774E989DF81
                                                                                                                                                                          Function 00F68FD0 Relevance: .6, Instructions: 620COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: be80190d37946a07c1cac4e711f9fe1e7636735633a6db16b0ba322bc687f5a1
                                                                                                                                                                          • Instruction ID: 5db35a5972664136059feb44415beb74dbe584cda1be9941c80f126b4ad066cc
                                                                                                                                                                          • Opcode Fuzzy Hash: be80190d37946a07c1cac4e711f9fe1e7636735633a6db16b0ba322bc687f5a1
                                                                                                                                                                          • Instruction Fuzzy Hash: 834265B9608305DFD704CF28D85075ABBE5FB89314F09886CE8858B3A1D775D985EF42
                                                                                                                                                                          Function 00F67BF0 Relevance: .6, Instructions: 592COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 53ff51edf239969eca9afbe089fa404db7c21d2ff5014de3a36f62bd6da0cb8c
                                                                                                                                                                          • Instruction ID: eea15fce115bbbfc8b341006b7dc9b1b39d7d2ddd1e069ade71467f19756b377
                                                                                                                                                                          • Opcode Fuzzy Hash: 53ff51edf239969eca9afbe089fa404db7c21d2ff5014de3a36f62bd6da0cb8c
                                                                                                                                                                          • Instruction Fuzzy Hash: 33322271918B118FC328CF29C69062ABBF1BF45754B604A2ED6A787F90D736F845EB10
                                                                                                                                                                          Function 00FA89A0 Relevance: .5, Instructions: 545COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 911a9da406c85bdd4646690c44ee299e509d9b35d7331c48b79daebdcac2c44d
                                                                                                                                                                          • Instruction ID: e4a37b82f546803557e919526060c5da1ffa49d33fca6c0ff33904d5383cf34f
                                                                                                                                                                          • Opcode Fuzzy Hash: 911a9da406c85bdd4646690c44ee299e509d9b35d7331c48b79daebdcac2c44d
                                                                                                                                                                          • Instruction Fuzzy Hash: 7902A97560C245DFC704DF68E98061ABBE1EF8A315F098A6DE5C587362C336E814EF92
                                                                                                                                                                          Function 00FA8A80 Relevance: .5, Instructions: 524COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: a616378cda75d37ee4da2d99c9fdc9114c2c19f4826b63a5ea3264d70f5fe88e
                                                                                                                                                                          • Instruction ID: 0191898a2910b9b169b6164a9645db928a70e87003d62a9fbc780d03b8b634bf
                                                                                                                                                                          • Opcode Fuzzy Hash: a616378cda75d37ee4da2d99c9fdc9114c2c19f4826b63a5ea3264d70f5fe88e
                                                                                                                                                                          • Instruction Fuzzy Hash: 2CF1987560C344DFC704DF68E98061AFBE1EF8A315F098A6DE4C987252D336E914EB92
                                                                                                                                                                          Function 00FA8C02 Relevance: .5, Instructions: 487COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5cf82c65c8d9e946d125fd51bf58d1a6f783900a28e74209c3dd4b487560ad3a
                                                                                                                                                                          • Instruction ID: 214f66d077a0417e90e28956dd6b2a91ffaf702633cf4bc957def12a3512e8f7
                                                                                                                                                                          • Opcode Fuzzy Hash: 5cf82c65c8d9e946d125fd51bf58d1a6f783900a28e74209c3dd4b487560ad3a
                                                                                                                                                                          • Instruction Fuzzy Hash: 60E1AD7160C245CFC704DF28E98062AB7E1EB8A315F098A6CE5D987352D736E910EB92
                                                                                                                                                                          Function 00F6A300 Relevance: .5, Instructions: 459COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                                                                          • Instruction ID: e1da728f5ac73e7ecd262af28b2c51208f63e9f0b357f0038712027f6e4b7bb2
                                                                                                                                                                          • Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                                                                          • Instruction Fuzzy Hash: 50F1BC766087418FC724CF29C88176BFBE2AFD8304F08882DE4D687751E639E945CB92
                                                                                                                                                                          Function 00FA8E70 Relevance: .4, Instructions: 420COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 0856000303179b637fb0edeb9bbd5376a6706823431c09b5fb9813948e304df8
                                                                                                                                                                          • Instruction ID: f214ad25378923d7b175ab4a73021b9968e66ccb9ae220e88b69c3152d3e57b0
                                                                                                                                                                          • Opcode Fuzzy Hash: 0856000303179b637fb0edeb9bbd5376a6706823431c09b5fb9813948e304df8
                                                                                                                                                                          • Instruction Fuzzy Hash: 96D1AD7460C244DFD704EF28D98062EFBF5EB8A315F098A6DE4C587252D736E810EB92
                                                                                                                                                                          Function 00F74487 Relevance: .4, Instructions: 389COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c47480c4262b32732e4ab1243ac9b467ebcad1041b0c31cd1bf5f610320e8af3
                                                                                                                                                                          • Instruction ID: c2ee9157597ea8bdc1e06a752ec3dfe2f3b430d2bd722d29cef06c7e3de9f550
                                                                                                                                                                          • Opcode Fuzzy Hash: c47480c4262b32732e4ab1243ac9b467ebcad1041b0c31cd1bf5f610320e8af3
                                                                                                                                                                          • Instruction Fuzzy Hash: 84E10EB5601B00CFD325DF28D992B97B7E1FF06704F04882DE4AACB652E735B8149B55
                                                                                                                                                                          Function 00FA6CBF Relevance: .4, Instructions: 384COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 91800a5b1acc4870de1332fb76078163d6e91d8c560837578c39cb2e759acdec
                                                                                                                                                                          • Instruction ID: d16dbafea8692a9f60741d507c7531d864289c741b790b42ff5d24087e4eb324
                                                                                                                                                                          • Opcode Fuzzy Hash: 91800a5b1acc4870de1332fb76078163d6e91d8c560837578c39cb2e759acdec
                                                                                                                                                                          • Instruction Fuzzy Hash: ACD10276618759CFC710CF78D8C052ABBE1AB8A314F098A6CE491C7391D735EA44DF91
                                                                                                                                                                          Function 00FA7AB0 Relevance: .4, Instructions: 354COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: cd2f5e0343a74732712bb46bb1fda266b12c779408ea4b72ccefbaba326bba99
                                                                                                                                                                          • Instruction ID: ff9730df839b9f47a61721a652b93e21e04f729b998793443b37b4e90399cbef
                                                                                                                                                                          • Opcode Fuzzy Hash: cd2f5e0343a74732712bb46bb1fda266b12c779408ea4b72ccefbaba326bba99
                                                                                                                                                                          • Instruction Fuzzy Hash: 9AB107B2A0C3504BE314EA68CC81B6BB7E5EFC6324F08492CE99997391E735DC049792
                                                                                                                                                                          Function 00F6AF10 Relevance: .3, Instructions: 303COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                                                                          • Instruction ID: 937a106cd979e88c77dfdbb2e73cd2e321a96faa8d41d69ab0013db591c6d9cd
                                                                                                                                                                          • Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                                                                          • Instruction Fuzzy Hash: 56C14AB2A487418FC360CF68DC96BABB7E1BF85318F08492DD1D9C6342E778A155CB46
                                                                                                                                                                          Function 00F76536 Relevance: .3, Instructions: 295COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 0a106e0a76d765942f6ae2351c90f93e770fc5af06482b641c832e9adfed7035
                                                                                                                                                                          • Instruction ID: 2c661d45847e18cef1d5bc8a1da5841c361b6b2522c8c9f9e37e0c19c3ae554b
                                                                                                                                                                          • Opcode Fuzzy Hash: 0a106e0a76d765942f6ae2351c90f93e770fc5af06482b641c832e9adfed7035
                                                                                                                                                                          • Instruction Fuzzy Hash: 25B100B4500B408BD325DF24C981B27BBF1EF4A704F14885DE8AA8BB52E735F805DB56
                                                                                                                                                                          Function 00FA7710 Relevance: .3, Instructions: 287COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                          • Opcode ID: db77f56cba4882810827ddb9bc6bb51e0136fc9a6c1e5b539dab7e1162409f49
                                                                                                                                                                          • Instruction ID: f9ba812c3416e5a0cfa91f0afb083c74beae80f667f12625a2e2c23c678f97e5
                                                                                                                                                                          • Opcode Fuzzy Hash: db77f56cba4882810827ddb9bc6bb51e0136fc9a6c1e5b539dab7e1162409f49
                                                                                                                                                                          • Instruction Fuzzy Hash: 02917FB5A0C301ABE720EB14CC80F6BB7E5EB8A354F64491DF58997351E734E940EB92
                                                                                                                                                                          Function 00FAA0D0 Relevance: .3, Instructions: 282COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 35ba12921fd0d7d21f32eb6a1b7c41d27b1eac932aacdebdf14ec4a812d9658d
                                                                                                                                                                          • Instruction ID: afeb204c07c6c710ec9a216bc0605d9217e48c3cc5db2c8c4d9acadcedeae4b1
                                                                                                                                                                          • Opcode Fuzzy Hash: 35ba12921fd0d7d21f32eb6a1b7c41d27b1eac932aacdebdf14ec4a812d9658d
                                                                                                                                                                          • Instruction Fuzzy Hash: F281CFB46087019FDB24DF28C880A2AB7F5FF5A750F55896CE486C7251E732EC18DB92
                                                                                                                                                                          Function 00F964F0 Relevance: .2, Instructions: 246COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 13ccb6f60a8246708b131a9d9d08fe4421eb77173d724dceb9b9624ef377b4e0
                                                                                                                                                                          • Instruction ID: aefe3f11462593c2d5dcdf2740c5131655d3b9f1ab6c57813e8ea9b3c34a34c2
                                                                                                                                                                          • Opcode Fuzzy Hash: 13ccb6f60a8246708b131a9d9d08fe4421eb77173d724dceb9b9624ef377b4e0
                                                                                                                                                                          • Instruction Fuzzy Hash: 1A71F733B29A904BEB149D7C4C823A5BA435BD7334B3EC379E9B4CB3E5D52948066391
                                                                                                                                                                          Function 00F828E9 Relevance: .2, Instructions: 244COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 05cf97c3d432bfe5a0d06ea4498f523a22ae74e2849f4439514679650673aa73
                                                                                                                                                                          • Instruction ID: c7522472424dd9bd2c2512259fb6cc4b8d962a90142adc8141feeafda61f5e7e
                                                                                                                                                                          • Opcode Fuzzy Hash: 05cf97c3d432bfe5a0d06ea4498f523a22ae74e2849f4439514679650673aa73
                                                                                                                                                                          • Instruction Fuzzy Hash: 856189B48083408BD750AF19D891A6BBBF1FF92760F08491DF4C58B261E339E910EB67
                                                                                                                                                                          Function 00F87C00 Relevance: .2, Instructions: 243COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 85c3b3bf9df666e149f7275f67a77ce48c768bab8452fed77a3f89fe479add32
                                                                                                                                                                          • Instruction ID: cbfa4645359d13f95efc98136556d85d2c0a3220fd5520a6c5195a3a17b3e3fb
                                                                                                                                                                          • Opcode Fuzzy Hash: 85c3b3bf9df666e149f7275f67a77ce48c768bab8452fed77a3f89fe479add32
                                                                                                                                                                          • Instruction Fuzzy Hash: 98519FB26083049BDB20BB64CC96BB773B4EF86364F244958F9858B391F375D805E761
                                                                                                                                                                          Function 00F91860 Relevance: .2, Instructions: 217COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                                                                                                          • Instruction ID: 99347c01adf9f1a8e82be2834078bdc0c86451fa4e0275d6748abb38bbd6d122
                                                                                                                                                                          • Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                                                                                                          • Instruction Fuzzy Hash: A061BF32A093029BFB24CE29C58072FBBE2BBC5360F64C93DE4898B351D274DD85A741
                                                                                                                                                                          Function 00F982D0 Relevance: .2, Instructions: 215COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: cfbc87bf19e9503eeb8fda28511f65db3ac91438950341bbc8565cda474dfd2e
                                                                                                                                                                          • Instruction ID: 96fd967828649a2612e6e22fc34fc4e70bba02941dc95ed5756c5d0a4fde845f
                                                                                                                                                                          • Opcode Fuzzy Hash: cfbc87bf19e9503eeb8fda28511f65db3ac91438950341bbc8565cda474dfd2e
                                                                                                                                                                          • Instruction Fuzzy Hash: F4615B33B5A9914BE724853D5C553A66A831BD33B0F3EC36AD8F68B3E4CD6948076381
                                                                                                                                                                          Function 010761B1 Relevance: .2, Instructions: 214COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 3b9bd887f763dfb8d7ab6fbda58d924bdd9147770fe2ddde084c152b1513269e
                                                                                                                                                                          • Instruction ID: 389aa7f74bdb7ac7c5843df97372ba05767d9936382bd0583108973edad1c229
                                                                                                                                                                          • Opcode Fuzzy Hash: 3b9bd887f763dfb8d7ab6fbda58d924bdd9147770fe2ddde084c152b1513269e
                                                                                                                                                                          • Instruction Fuzzy Hash: 4261C3F3A186009FE701AE2DEC8572AB7E5EF94710F1A493DEAC8C7380E57598458787
                                                                                                                                                                          Function 00F742FC Relevance: .2, Instructions: 206COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 8587232e358106dd56c826a71d0832d6d675a37acf8c0f2799ce5b9180c77386
                                                                                                                                                                          • Instruction ID: 8993ccdcaef56a68b131e60919579b140f776008e5167a0cac893f6da130b231
                                                                                                                                                                          • Opcode Fuzzy Hash: 8587232e358106dd56c826a71d0832d6d675a37acf8c0f2799ce5b9180c77386
                                                                                                                                                                          • Instruction Fuzzy Hash: 9D81CEB4810B00AFD360AF39DD47797BEF4AB06201F404A1EE4EA96695E7306419DBE3
                                                                                                                                                                          Function 00F9E8A0 Relevance: .2, Instructions: 189COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                                                                          • Instruction ID: 83be10ec95a9b0a1eda9531dc6f5569016b5fbbfe95ffdc4b7e87aa156b7f808
                                                                                                                                                                          • Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                                                                          • Instruction Fuzzy Hash: C7515DB19087548FE714DF69D89435BBBE1BBC9318F044E2DE4E987350E379D6088B82
                                                                                                                                                                          Function 01102015 Relevance: .2, Instructions: 188COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 981cb084c8509f8548ee149003c01cd857818bff46fef47bd0ae7ace68037dd3
                                                                                                                                                                          • Instruction ID: c3f605a61780603f5bbcdd0f21ce1609b4a4a48339654ffd28b87002c6023a30
                                                                                                                                                                          • Opcode Fuzzy Hash: 981cb084c8509f8548ee149003c01cd857818bff46fef47bd0ae7ace68037dd3
                                                                                                                                                                          • Instruction Fuzzy Hash: D05180B290C2009FE318AE19DC4577AF7E6EF94720F16893DE7C483780EA7958458697
                                                                                                                                                                          Function 00FA7520 Relevance: .2, Instructions: 176COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 3ba7e489903ec9b0a4fa97e1970c6c91e4b010a18a5e9f2714496dc641558eaf
                                                                                                                                                                          • Instruction ID: f27ab1faa5dc63d3a91513da48fcbd16ec023d8fd12a3da71e92e55fffdbed4c
                                                                                                                                                                          • Opcode Fuzzy Hash: 3ba7e489903ec9b0a4fa97e1970c6c91e4b010a18a5e9f2714496dc641558eaf
                                                                                                                                                                          • Instruction Fuzzy Hash: 98510AB1A0C3049FC715AE18CC90F2EB7E6FB86764F288A2CE8D597391D635EC119B51
                                                                                                                                                                          Function 00F65A50 Relevance: .2, Instructions: 163COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 1fddf3cd1327c77bd02bcc4229516add2f08c2ec28c133014bb5dea4c0c846cf
                                                                                                                                                                          • Instruction ID: 48ca6faa2fb6cbda15068b6806bd1044a2226bc6eaf273cf2b616dbf73203466
                                                                                                                                                                          • Opcode Fuzzy Hash: 1fddf3cd1327c77bd02bcc4229516add2f08c2ec28c133014bb5dea4c0c846cf
                                                                                                                                                                          • Instruction Fuzzy Hash: 2D51E2B1E047049FC714DF64C880926B7A1FFC5724F19466CF899AB352DA35EC42DB92
                                                                                                                                                                          Function 01104A23 Relevance: .2, Instructions: 157COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: f1fc8475d1a82588b9c2acc05abad60bb6485dc2751bd744268b72a7e6c5e0fc
                                                                                                                                                                          • Instruction ID: ac653b53c7252031d48a9737db05ac984372eb190bffd162a06f7283d238d510
                                                                                                                                                                          • Opcode Fuzzy Hash: f1fc8475d1a82588b9c2acc05abad60bb6485dc2751bd744268b72a7e6c5e0fc
                                                                                                                                                                          • Instruction Fuzzy Hash: E44137F3E186045FF304AE29DC8172AB7E6EFD8720F1AC53D9AC4C3384E93958158696
                                                                                                                                                                          Function 010C8F7A Relevance: .2, Instructions: 151COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c1d72edf39fa82502d3881321e9f6f4fa10d89ec9ceff416240f6edbbbe73043
                                                                                                                                                                          • Instruction ID: 9d305b6cbd6effb8b38c4dc52a91ecb8b178fc1060560fa9f58bd8f79c1ec2b2
                                                                                                                                                                          • Opcode Fuzzy Hash: c1d72edf39fa82502d3881321e9f6f4fa10d89ec9ceff416240f6edbbbe73043
                                                                                                                                                                          • Instruction Fuzzy Hash: D34135F3E082105FF3186979DC8977BB7D6EB94314F1B063DED8493784E97A58058282
                                                                                                                                                                          Function 00F8EC48 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9de9166aecee87c965aa6273db0d7b4b2da6e1560aa02c9cf5cbbdc46a542c26
                                                                                                                                                                          • Instruction ID: 8ab723dbface88aa9b37cdabcc703f63e16b10188c410fd2f9bf0bb435209681
                                                                                                                                                                          • Opcode Fuzzy Hash: 9de9166aecee87c965aa6273db0d7b4b2da6e1560aa02c9cf5cbbdc46a542c26
                                                                                                                                                                          • Instruction Fuzzy Hash: A041AF74D00329DBDF209F94DC91BADB7B0FF0A310F544548E945AB3A1EB38A950EB91
                                                                                                                                                                          Function 00FA9B60 Relevance: .1, Instructions: 140COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 749478b1d477abc533144bdd971af894787863e58a07240a55424a06750980f6
                                                                                                                                                                          • Instruction ID: 30a69523989064cf1f439b1532e4330b9b08b329060d6451205920112d82eb66
                                                                                                                                                                          • Opcode Fuzzy Hash: 749478b1d477abc533144bdd971af894787863e58a07240a55424a06750980f6
                                                                                                                                                                          • Instruction Fuzzy Hash: 7E4191B460C305ABDB10DF15D990B2FB7E6EB86B60F64882CF58997251D375E800EB62
                                                                                                                                                                          Function 00F72030 Relevance: .1, Instructions: 136COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c4a2aaeb8aadf12557f94eb1397c64213cffa9296a6e4912d85d6b7ac2e5298e
                                                                                                                                                                          • Instruction ID: 76bec6476645271034dc9d48ba0b2d20a7f712266aedaeb44a74996e31daeed4
                                                                                                                                                                          • Opcode Fuzzy Hash: c4a2aaeb8aadf12557f94eb1397c64213cffa9296a6e4912d85d6b7ac2e5298e
                                                                                                                                                                          • Instruction Fuzzy Hash: 9941EB72A083654FD35CCE3984A023ABBE1AFC5310F09C66FE4DA873D0DA748945E792
                                                                                                                                                                          Function 00F71E93 Relevance: .1, Instructions: 131COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 2fc8416298949f175467e82c7c06264b3d400aaa77f3b7ed5e06fb49f674bbab
                                                                                                                                                                          • Instruction ID: 014bdf0daa7f7ae1906047dfe22625cbfc6f7c795308c781a98149c2ad050864
                                                                                                                                                                          • Opcode Fuzzy Hash: 2fc8416298949f175467e82c7c06264b3d400aaa77f3b7ed5e06fb49f674bbab
                                                                                                                                                                          • Instruction Fuzzy Hash: C841F2745083809BD321AB58C884B1EFBF5FB96354F14891DF6C897292C37AE8189F67
                                                                                                                                                                          Function 00FA8D8A Relevance: .1, Instructions: 124COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5d14cb848804e89708b4c767257954e38feabf3769e13615f3f8d8024401cf17
                                                                                                                                                                          • Instruction ID: edcf265a8f029732e435c508ce4c1066a9a677bcaae9f377e42e1f16e90b24dc
                                                                                                                                                                          • Opcode Fuzzy Hash: 5d14cb848804e89708b4c767257954e38feabf3769e13615f3f8d8024401cf17
                                                                                                                                                                          • Instruction Fuzzy Hash: FE41D271A0D2508FC704DF68C49052EFBE6AF9A350F098A2DD4D5D7391CBB4DD069B82
                                                                                                                                                                          Function 00F7D961 Relevance: .1, Instructions: 121COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: da8ac4eff4c205f1165e676e1f253561dab97f460ee70a8c2fc319ddebc48143
                                                                                                                                                                          • Instruction ID: 050f39e8ce72fa338fd29c80fe05f2e1acff6d694f43aedebb73ce0bb4298c14
                                                                                                                                                                          • Opcode Fuzzy Hash: da8ac4eff4c205f1165e676e1f253561dab97f460ee70a8c2fc319ddebc48143
                                                                                                                                                                          • Instruction Fuzzy Hash: A341A0B1508385CBE330DF14C881BABB7B0FF96364F044969E58A9B752E7784940EB53
                                                                                                                                                                          Function 00F9F030 Relevance: .1, Instructions: 104COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                                                                          • Instruction ID: 0ac5e9525252d76f1708bebca37f892ff9d90ee0bbd0bbd5e7e4a0ae23b4f1ac
                                                                                                                                                                          • Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                                                                          • Instruction Fuzzy Hash: A72137329082244BD7249B1DC88053BF7E8EB9A714F06863ED8C4E72A5E335DC6897E1
                                                                                                                                                                          Function 00FA67EF Relevance: .1, Instructions: 101COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: e9f0a19ebc3d48ef57fc9873647c8727638f3bceeaab3dfb314bd1cd27efd79e
                                                                                                                                                                          • Instruction ID: f147856d8dee58aba4839a439391a60d09f5f6f77f374f34918e68ece78b7dc8
                                                                                                                                                                          • Opcode Fuzzy Hash: e9f0a19ebc3d48ef57fc9873647c8727638f3bceeaab3dfb314bd1cd27efd79e
                                                                                                                                                                          • Instruction Fuzzy Hash: D83132B05183829AE714CF14C490A2FFBF0EF96398F54590CF4C8AB261D338D985DB9A
                                                                                                                                                                          Function 00F85E70 Relevance: .1, Instructions: 99COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 0d23ec6fe0d26bf788686e63b3a754414db8c3ee2f3dc587e8d8aef229ab6946
                                                                                                                                                                          • Instruction ID: c42a0d89d56884bf3027ad27801f1989abd2d7a00458b5f44e51c9795b2d6d20
                                                                                                                                                                          • Opcode Fuzzy Hash: 0d23ec6fe0d26bf788686e63b3a754414db8c3ee2f3dc587e8d8aef229ab6946
                                                                                                                                                                          • Instruction Fuzzy Hash: 7E21B271908201DBC310EF18C8519ABB7F4EF92B64F44891CF4D59B292E338C904EBA3
                                                                                                                                                                          Function 00F649A0 Relevance: .1, Instructions: 95COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                                                                                                          • Instruction ID: 3d5e6c49a36136ebc07293e9f810ec763f6754d6034169f04cd036ce0c2cc393
                                                                                                                                                                          • Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                                                                                                          • Instruction Fuzzy Hash: 8431FE31A482019BD710AE58D88063BB7E1FFC5368F18852CE8DAC7241D335FC42EB46
                                                                                                                                                                          Function 00FA64B8 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: fd151e25352150d569e8bacf05fe18db0f25a835dd320e92ba48b29f25891521
                                                                                                                                                                          • Instruction ID: ce37372a767b255c5944f0442f5bc706f123f1dad084c7edb5809b35b3c3fcd3
                                                                                                                                                                          • Opcode Fuzzy Hash: fd151e25352150d569e8bacf05fe18db0f25a835dd320e92ba48b29f25891521
                                                                                                                                                                          • Instruction Fuzzy Hash: A2213BB460C2409BC705EF19D880A2EFBF6EB9A755F28891CE4C493361C735A851EF62
                                                                                                                                                                          Function 00F9B650 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                          • Instruction ID: 184681e2eb0bcaea593ecb03585d311f0f488fd548272c25708825c1ee84299b
                                                                                                                                                                          • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                          • Instruction Fuzzy Hash: 35115933A041D40EDB128D3C9940564BFA30AE3634B1843E9F0B88B2D2C3229D8A9310
                                                                                                                                                                          Function 00F90B80 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                                                                          • Instruction ID: d8118f60d7e1cd5d598e3f37bec34b565cab2abf8ac5957643327466dd18ccb3
                                                                                                                                                                          • Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                                                                          • Instruction Fuzzy Hash: D90175F5E003415BFF209E9598D1B3BB2A86FC0728F18452CD98A97201DF79EC05E6D1
                                                                                                                                                                          Function 00F8D1E1 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 904f658674721125d7cc5c3b9158591ef04f96e0770e96c428926986b4c6371b
                                                                                                                                                                          • Instruction ID: ff58acdae40ecedff0fec3f1413f5d321afad842315433efd484f07dbfc43231
                                                                                                                                                                          • Opcode Fuzzy Hash: 904f658674721125d7cc5c3b9158591ef04f96e0770e96c428926986b4c6371b
                                                                                                                                                                          • Instruction Fuzzy Hash: A011ECB0408380AFD310AF618894A2FFBE5EBA6714F148C0DF6A49B251C379E819DF56
                                                                                                                                                                          Function 00F66EA0 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 19004e6003f4b997f76b142e922b17f89e5b2933f0999a46efe69128f0df8fb5
                                                                                                                                                                          • Instruction ID: eb4f9ba0bddbd9ef4db58051a487d2e2f24ca9216dcb3254261fe60afbeb6598
                                                                                                                                                                          • Opcode Fuzzy Hash: 19004e6003f4b997f76b142e922b17f89e5b2933f0999a46efe69128f0df8fb5
                                                                                                                                                                          • Instruction Fuzzy Hash: FDF0E93FB5921E0BA210CDAAE884C3BF3E6D7DA375B145538EE41D3201DD72E806A1D4
                                                                                                                                                                          Function 00F9B8C0 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                                                                          • Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
                                                                                                                                                                          • Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                                                                          • Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695
                                                                                                                                                                          Function 00F7C5F0 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                                                                          • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
                                                                                                                                                                          • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                                                                          • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
                                                                                                                                                                          Function 00F7B410 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                                                                          • Instruction ID: d94cebfdab72eff974a68c32320992ba0509659a777c566fc2998fccd27b062e
                                                                                                                                                                          • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                                                                          • Instruction Fuzzy Hash: 4AF0E5B1A086106BDF22CE549CC0F37BB9CCF8B364F19042BE88997203D261A845C3E7
                                                                                                                                                                          Function 00F98220 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 02853563f78fa4ea655f91b3defa428e9fe720656b3dd5dc6ad3ce2b815b3ec4
                                                                                                                                                                          • Instruction ID: d7b8c8be3e1c0e616a7d260b106418f99b622eced66332921b4d031dd0a10f57
                                                                                                                                                                          • Opcode Fuzzy Hash: 02853563f78fa4ea655f91b3defa428e9fe720656b3dd5dc6ad3ce2b815b3ec4
                                                                                                                                                                          • Instruction Fuzzy Hash: 2701E4F04107009FC360EF29C445747BBE8EB09714F004A1DE8EECB681D770A5448B82
                                                                                                                                                                          Function 00FA1440 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                                                                          • Instruction ID: 3c8603fa3b802bdb3af47b24dae2ec8482237a44f76a6074a6d177d08d8e65ee
                                                                                                                                                                          • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                                                                          • Instruction Fuzzy Hash: EED0A775A08321469F74CE1DA400977F7F4FACBB21F4A955EF996E3148E230DC41D2A9
                                                                                                                                                                          Function 00F71ACD Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 16891dcd849d51d4b24733cb066491f26f2e0ddb5df4e6689a4a5305035955e6
                                                                                                                                                                          • Instruction ID: 845e83d5b75cd8fbd314eabd2c6b811f8feada4ae946e61cf03a5c2a2449f3ce
                                                                                                                                                                          • Opcode Fuzzy Hash: 16891dcd849d51d4b24733cb066491f26f2e0ddb5df4e6689a4a5305035955e6
                                                                                                                                                                          • Instruction Fuzzy Hash: 4BC01234A180088B8204CF84E8A5532B2B8A30B209700A02ADE03EB222CA20D41AB90A
                                                                                                                                                                          Function 00FA6094 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 45e70384550c92488abd77a08bfd9ec1f0fcd40a5ac00b995741d8e3174deded
                                                                                                                                                                          • Instruction ID: 3294591c3c79cf668d46926bc49400ba17920fbf721bb9e542e02a9522965ff4
                                                                                                                                                                          • Opcode Fuzzy Hash: 45e70384550c92488abd77a08bfd9ec1f0fcd40a5ac00b995741d8e3174deded
                                                                                                                                                                          • Instruction Fuzzy Hash: 87C09B356DC00497910CCF04D991575F3769FD7B18725F11DC80623259C134D512BD5C
                                                                                                                                                                          Function 00F71A3C Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 2f2ac4c039e226415cfd27810bfffe5b593755495ba3cf863a9ba3a3a4de3272
                                                                                                                                                                          • Instruction ID: 9c757485897f5c1b2c285bb25c128ba2bf8a780a38a6d37f584cb226c2d33d69
                                                                                                                                                                          • Opcode Fuzzy Hash: 2f2ac4c039e226415cfd27810bfffe5b593755495ba3cf863a9ba3a3a4de3272
                                                                                                                                                                          • Instruction Fuzzy Hash: 8EC04C65A590448B9244CEC9E891531B2AC530B209710703A9A47EB261C560D409A509
                                                                                                                                                                          Function 00FA5FD6 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.2156048880.0000000000F61000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F60000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.2156033139.0000000000F60000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156094796.0000000000FC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156112395.0000000000FCC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156213049.000000000111B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156228827.000000000111D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.0000000001130000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156253401.000000000113B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156288600.0000000001147000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156302825.0000000001148000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156325448.000000000116D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156344137.000000000116E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156361633.000000000116F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156376957.0000000001172000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156392419.0000000001174000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156408131.0000000001181000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156430753.0000000001199000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156451981.000000000119C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156470541.00000000011A4000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156486849.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156505481.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156527253.00000000011AE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156547848.00000000011BB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156605335.00000000011BD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156627078.00000000011CB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156648183.00000000011CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156667118.00000000011CF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156686735.00000000011D2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156707162.00000000011DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156749009.00000000011DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156793248.00000000011F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.00000000011F2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156804811.0000000001215000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156845041.0000000001241000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156860303.0000000001242000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001243000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156873977.0000000001248000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156905714.0000000001257000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.2156919188.0000000001258000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_f60000_file.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 7cf67cc4473d0fcc569c56f16578f3eaddf8deb2db57490885cc761e4a376a82
                                                                                                                                                                          • Instruction ID: 82ffac450e99396bf212c6a1f14a8036c3161e63474cae2c3c602faa535192c1
                                                                                                                                                                          • Opcode Fuzzy Hash: 7cf67cc4473d0fcc569c56f16578f3eaddf8deb2db57490885cc761e4a376a82
                                                                                                                                                                          • Instruction Fuzzy Hash: A7C09224BE80088BA24CCF18DDA1935F2BA9FCBB18B15F22DC806A325AD134D5129A0C