
Windows Analysis Report
LisectAVT_2403002A_191.exe

Overview

General Information

Sample name: LisectAVT_2403002A_191.exe
Analysis ID: 1482443
MD5: 96a48d844ea7baae454fe84845e1e581
SHA1: 77f0819007790eef6ecd0ec1be0e49669132ad3d
SHA256: dd43fbaaa8a894e08aa200e56c01dea30c346356440c4373082f25f7be4c3154
Tags: exe, RiseProStealer

Detection

RisePro Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Yara detected RisePro Stealer
AI detected suspicious sample
Connects to many ports of the same IP (likely port scanning)
PE file contains section with special chars
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Uses schtasks.exe or at.exe to add and modify task schedules
Abnormal high CPU Usage
Contains capabilities to detect virtual machines
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)

Classification

  • System is w10x64
  • LisectAVT_2403002A_191.exe (PID: 2696 cmdline: "C:\Users\user\Desktop\LisectAVT_2403002A_191.exe" MD5: 96A48D844EA7BAAE454FE84845E1E581)
    • schtasks.exe (PID: 4268 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 5720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 5900 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 6148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • MPGPH131.exe (PID: 3448 cmdline: C:\ProgramData\MPGPH131\MPGPH131.exe MD5: 96A48D844EA7BAAE454FE84845E1E581)
  • MPGPH131.exe (PID: 7120 cmdline: C:\ProgramData\MPGPH131\MPGPH131.exe MD5: 96A48D844EA7BAAE454FE84845E1E581)
  • RageMP131.exe (PID: 1876 cmdline: "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" MD5: 96A48D844EA7BAAE454FE84845E1E581)
  • RageMP131.exe (PID: 2408 cmdline: "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" MD5: 96A48D844EA7BAAE454FE84845E1E581)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
--- | --- | --- | --- | ---
00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
00000007.00000003.2062288442.0000000004820000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
00000008.00000003.2182605884.0000000004820000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
0000000A.00000002.3274056165.0000000000571000.00000040.00000001.01000000.00000005.sdmp | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
00000006.00000003.2061020285.0000000004640000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |

(5 of 10 Yara matches shown)

System Summary

Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe; EventID: 13; EventType: SetValue; Image: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe; ProcessId: 2696; TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RageMP131
No Snort rule has matched

Timestamp | SID | Source Port | Destination Port | Protocol | Classtype
--- | --- | --- | --- | --- | ---
2024-07-25T23:03:41.523769+0200 | 2046269 | 49704 | 58709 | TCP | A Network Trojan was detected
2024-07-25T23:03:57.680324+0200 | 2046269 | 49707 | 58709 | TCP | A Network Trojan was detected
2024-07-25T23:03:56.303473+0200 | 2022930 | 443 | 49708 | TCP | A Network Trojan was detected
2024-07-25T23:04:04.199047+0200 | 2046269 | 62193 | 58709 | TCP | A Network Trojan was detected
2024-07-25T23:03:43.977143+0200 | 2046269 | 49706 | 58709 | TCP | A Network Trojan was detected
2024-07-25T23:04:36.902166+0200 | 2022930 | 443 | 62194 | TCP | A Network Trojan was detected
2024-07-25T23:03:38.545862+0200 | 2049060 | 49704 | 58709 | TCP | A Network Trojan was detected
2024-07-25T23:03:43.886481+0200 | 2046269 | 49705 | 58709 | TCP | A Network Trojan was detected
2024-07-25T23:03:40.905756+0200 | 2049060 | 49705 | 58709 | TCP | A Network Trojan was detected


AV Detection

Source: LisectAVT_2403002A_191.exe | Avira: detected
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Avira: detection malicious, Label: TR/AD.Nekark.cxjdy
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Avira: detection malicious, Label: TR/AD.Nekark.cxjdy
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: LisectAVT_2403002A_191.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Source: global traffic | TCP traffic: 193.233.132.62 ports 0,5,7,8,58709,9
Source: global traffic | TCP traffic: 192.168.2.5:49704 -> 193.233.132.62:58709
Source: Joe Sandbox View | IP Address: 193.233.132.62
Source: Joe Sandbox View | ASN Name: FREE-NET-ASFREEnetEU
Source: unknown | TCP traffic detected without corresponding DNS query: 193.233.132.62
Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | Code function 0_2_0016E0A0: recv, setsockopt, WSAStartup, closesocket, socket, connect, closesocket
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000003.2062288442.0000000004820000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000003.2182605884.0000000004820000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.3274056165.0000000000571000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000003.2264006131.0000000004450000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.winimage.com/zLibDll
Source: MPGPH131.exe, RageMP131.exe | String found in binary or memory: https://ipinfo.io/
Source: LisectAVT_2403002A_191.exe, 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, LisectAVT_2403002A_191.exe, 00000000.00000003.2033248421.0000000004720000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2061020285.0000000004640000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000003.2062288442.0000000004820000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000003.2182605884.0000000004820000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.3274056165.0000000000571000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000003.2264006131.0000000004450000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll
Source: LisectAVT_2403002A_191.exe, 00000000.00000002.3275956463.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3274032651.000000000076D000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3274228386.0000000000A08000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.3275956134.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000A.00000002.3275957814.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/RiseProSUPPORT
Source: MPGPH131.exe, RageMP131.exe | String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address

System Summary

Source: LisectAVT_2403002A_191.exe | Static PE information: section name: (special characters, not rendered)
Source: LisectAVT_2403002A_191.exe | Static PE information: section name: .idata
Source: RageMP131.exe.0.dr | Static PE information: section name: (special characters, not rendered)
Source: RageMP131.exe.0.dr | Static PE information: section name: .idata
Source: MPGPH131.exe.0.dr | Static PE information: section name: (special characters, not rendered)
Source: MPGPH131.exe.0.dr | Static PE information: section name: .idata
Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | Code function: String function 0022FED0 appears 31 times
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: String function 00D5FED0 appears 62 times
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: String function 00D5F4FC appears 46 times
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: String function 00D6FD51 appears 34 times
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: String function 0064FED0 appears 31 times
Source: LisectAVT_2403002A_191.exe, 00000000.00000000.2027697816.0000000000288000.00000008.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilename filezilla.exe4 vs LisectAVT_2403002A_191.exe
Source: LisectAVT_2403002A_191.exe, 00000000.00000002.3274236818.0000000000288000.00000008.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilename filezilla.exe4 vs LisectAVT_2403002A_191.exe
Source: LisectAVT_2403002A_191.exe, 00000000.00000002.3278566813.000000000472D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename filezilla.exe4 vs LisectAVT_2403002A_191.exe
Source: LisectAVT_2403002A_191.exe | Binary or memory string: OriginalFilename filezilla.exe4 vs LisectAVT_2403002A_191.exe
Source: LisectAVT_2403002A_191.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: LisectAVT_2403002A_191.exe | Static PE information: Section: ZLIB complexity 0.9990733225108225
Source: RageMP131.exe.0.dr | Static PE information: Section: ZLIB complexity 0.9990733225108225
Source: MPGPH131.exe.0.dr | Static PE information: Section: ZLIB complexity 0.9990733225108225
Source: classification engine | Classification label: mal100.troj.evad.winEXE@11/5@0/1
Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | File created: C:\Users\user\AppData\Local\RageMP131
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5720:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6148:120:WilError_03
Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | File created: C:\Users\user\AppData\Local\Temp\rage131MP.tmp
Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | Command line argument: nI% (0_2_002548C0)
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Command line argument: nIg (8_2_006748C0)
Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: MPGPH131.exe, MPGPH131.exe, 00000007.00000003.2062288442.0000000004820000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000008.00000003.2182605884.0000000004820000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.3274056165.0000000000571000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000003.2264006131.0000000004450000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: LisectAVT_2403002A_191.exe, 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, LisectAVT_2403002A_191.exe, 00000000.00000003.2033248421.0000000004720000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2061020285.0000000004640000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000007.00000003.2062288442.0000000004820000.00000004.00001000.00020000.00000000.sdmp, MPGPH131.exe, 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000008.00000003.2182605884.0000000004820000.00000004.00001000.00020000.00000000.sdmp, RageMP131.exe, 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000002.3274056165.0000000000571000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000A.00000003.2264006131.0000000004450000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: UPDATE %Q.%s SET sql = sqlite_rename_table(sql, %Q), tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: LisectAVT_2403002A_191.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: LisectAVT_2403002A_191.exe | String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address
Source: MPGPH131.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: MPGPH131.exe | String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address
Source: MPGPH131.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: MPGPH131.exe | String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address
Source: RageMP131.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: RageMP131.exe | String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address
Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | File read: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe
Source: unknown | Process created: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe "C:\Users\user\Desktop\LisectAVT_2403002A_191.exe"
Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\ProgramData\MPGPH131\MPGPH131.exe C:\ProgramData\MPGPH131\MPGPH131.exe
Source: unknown | Process created: C:\ProgramData\MPGPH131\MPGPH131.exe C:\ProgramData\MPGPH131\MPGPH131.exe
Source: unknown | Process created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
Source: unknown | Process created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | Section loaded: winmm.dll
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeSection loaded: rstrtmgr.dllJump to behavior
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeSection loaded: devobj.dllJump to behavior
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: winmm.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: rstrtmgr.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: wininet.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: devobj.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: winmm.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: rstrtmgr.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: wininet.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeSection loaded: devobj.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: rstrtmgr.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: devobj.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: rstrtmgr.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeSection loaded: devobj.dllJump to behavior
            Source: LisectAVT_2403002A_191.exeStatic file information: File size 3159050 > 1048576
            Source: LisectAVT_2403002A_191.exeStatic PE information: Raw size of wnjuhnsz is bigger than: 0x100000 < 0x26cc00

            Data Obfuscation

            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | Unpacked PE file: 0.2.LisectAVT_2403002A_191.exe.150000.0.unpack :EW;.rsrc:W;.idata :W;wnjuhnsz:EW;unhxerdt:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;wnjuhnsz:EW;unhxerdt:EW;.taggant:EW;
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Unpacked PE file: 6.2.MPGPH131.exe.c80000.0.unpack :EW;.rsrc:W;.idata :W;wnjuhnsz:EW;unhxerdt:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;wnjuhnsz:EW;unhxerdt:EW;.taggant:EW;
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Unpacked PE file: 7.2.MPGPH131.exe.c80000.0.unpack :EW;.rsrc:W;.idata :W;wnjuhnsz:EW;unhxerdt:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;wnjuhnsz:EW;unhxerdt:EW;.taggant:EW;
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Unpacked PE file: 8.2.RageMP131.exe.570000.0.unpack :EW;.rsrc:W;.idata :W;wnjuhnsz:EW;unhxerdt:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;wnjuhnsz:EW;unhxerdt:EW;.taggant:EW;
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Unpacked PE file: 10.2.RageMP131.exe.570000.0.unpack :EW;.rsrc:W;.idata :W;wnjuhnsz:EW;unhxerdt:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;wnjuhnsz:EW;unhxerdt:EW;.taggant:EW;
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | Code function: 0_2_00169F50 LoadLibraryA,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory, 0_2_00169F50
            Source: initial sample | Static PE information: section where entry point is pointing to: .taggant
            Source: RageMP131.exe.0.dr | Static PE information: real checksum: 0x308924 should be: 0x30821d
            Source: LisectAVT_2403002A_191.exe | Static PE information: real checksum: 0x308924 should be: 0x30821d
            Source: MPGPH131.exe.0.dr | Static PE information: real checksum: 0x308924 should be: 0x30821d
            Source: LisectAVT_2403002A_191.exe | Static PE information: section name: (empty)
            Source: LisectAVT_2403002A_191.exe | Static PE information: section name: .idata
            Source: LisectAVT_2403002A_191.exe | Static PE information: section name: wnjuhnsz
            Source: LisectAVT_2403002A_191.exe | Static PE information: section name: unhxerdt
            Source: LisectAVT_2403002A_191.exe | Static PE information: section name: .taggant
            Source: RageMP131.exe.0.dr | Static PE information: section name: (empty)
            Source: RageMP131.exe.0.dr | Static PE information: section name: .idata
            Source: RageMP131.exe.0.dr | Static PE information: section name: wnjuhnsz
            Source: RageMP131.exe.0.dr | Static PE information: section name: unhxerdt
            Source: RageMP131.exe.0.dr | Static PE information: section name: .taggant
            Source: MPGPH131.exe.0.dr | Static PE information: section name: (empty)
            Source: MPGPH131.exe.0.dr | Static PE information: section name: .idata
            Source: MPGPH131.exe.0.dr | Static PE information: section name: wnjuhnsz
            Source: MPGPH131.exe.0.dr | Static PE information: section name: unhxerdt
            Source: MPGPH131.exe.0.dr | Static PE information: section name: .taggant
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | Code function: 0_2_0022FA97 push ecx; ret 0_2_0022FAAA
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | Code function: 0_2_00171B20 push esi; ret 0_2_00171B22
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00D5FA97 push ecx; ret 6_2_00D5FAAA
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00C97D53 push edi; retf 000Ch 6_2_00C97D56
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 7_2_00D5FA97 push ecx; ret 7_2_00D5FAAA
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 7_2_00CA1B20 push esi; ret 7_2_00CA1B22
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 8_2_0064FA97 push ecx; ret 8_2_0064FAAA
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 8_2_00587D53 push edi; retf 000Ch 8_2_00587D56
            Source: LisectAVT_2403002A_191.exe | Static PE information: section name: (empty) entropy: 7.984907273726197
            Source: RageMP131.exe.0.dr | Static PE information: section name: (empty) entropy: 7.984907273726197
            Source: MPGPH131.exe.0.dr | Static PE information: section name: (empty) entropy: 7.984907273726197
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | File created: C:\ProgramData\MPGPH131\MPGPH131.exe
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | File created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | File created: C:\ProgramData\MPGPH131\MPGPH131.exe

            Boot Survival

            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RageMP131
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RageMP131
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | Code function: 0_2_001D3F80 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_001D3F80

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | File opened: HKEY_CURRENT_USER\Software\Wine
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: HKEY_CURRENT_USER\Software\Wine
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: HKEY_CURRENT_USER\Software\Wine
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | File opened: HKEY_CURRENT_USER\Software\Wine
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | File opened: HKEY_CURRENT_USER\Software\Wine
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 40F358 second address: 40F362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F57B8C3A836h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 40F362 second address: 40F366 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 40F366 second address: 40F381 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F57B8C3A83Fh 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 40F381 second address: 40F3B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnl 00007F57B901D13Ch 0x0000000e pushad 0x0000000f je 00007F57B901D136h 0x00000015 jo 00007F57B901D136h 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 push ebx 0x00000023 pop ebx 0x00000024 push edi 0x00000025 pop edi 0x00000026 pushad 0x00000027 popad 0x00000028 pushad 0x00000029 popad 0x0000002a popad 0x0000002b pushad 0x0000002c pushad 0x0000002d popad 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 40F3B7 second address: 40F3C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F57B8C3A836h 0x0000000a popad 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 40F3C2 second address: 40F3CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 40F3CA second address: 40F3FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B8C3A848h 0x00000007 jmp 00007F57B8C3A841h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 40F3FB second address: 40F3FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 40F3FF second address: 40F405 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 40F56E second address: 40F58B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F57B901D143h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 40F852 second address: 40F85C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F57B8C3A836h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 40F85C second address: 40F860 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 40F860 second address: 40F879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F57B8C3A83Ch 0x0000000e jnc 00007F57B8C3A836h 0x00000014 push edi 0x00000015 push esi 0x00000016 pop esi 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 40F9C2 second address: 40F9EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007F57B901D13Bh 0x0000000c jmp 00007F57B901D147h 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 40FB46 second address: 40FB80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F57B8C3A83Fh 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F57B8C3A83Bh 0x00000012 jmp 00007F57B8C3A848h 0x00000017 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 434D0B second address: 434D11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 432D33 second address: 432D37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 432D37 second address: 432D59 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F57B901D136h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F57B901D13Fh 0x0000000f pop edx 0x00000010 push ebx 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 432EFE second address: 432F02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 43307C second address: 433085 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 433085 second address: 433089 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 433089 second address: 43308F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 4331CD second address: 4331D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 4331D7 second address: 4331DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 4331DD second address: 4331E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 43334C second address: 433351 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 433351 second address: 43336D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B8C3A842h 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007F57B8C3A836h 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 43336D second address: 433373 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 433373 second address: 43339B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F57B8C3A83Eh 0x0000000f jmp 00007F57B8C3A840h 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 43339B second address: 4333A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F57B901D136h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 433638 second address: 433647 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B8C3A83Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 433647 second address: 43366B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F57B901D149h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 43366B second address: 433670 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 433670 second address: 433686 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F57B901D140h 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 433686 second address: 4336C5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F57B8C3A846h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push edx 0x00000011 pop edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 popad 0x00000015 jmp 00007F57B8C3A849h 0x0000001a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 428806 second address: 42881B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F57B901D13Bh 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 42881B second address: 42881F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 3FF01E second address: 3FF023 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 434704 second address: 434710 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007F57B8C3A836h 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 434710 second address: 434716 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 43487D second address: 434881 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 4374F4 second address: 4374F9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 4374F9 second address: 437507 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 437507 second address: 437519 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B901D13Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 437519 second address: 437528 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F57B8C3A83Bh 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 4385D4 second address: 4385E9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007F57B901D138h 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 4385E9 second address: 4385FD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b push edx 0x0000000c jns 00007F57B8C3A838h 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 43D729 second address: 43D740 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F57B901D13Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 43D740 second address: 43D744 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 43D744 second address: 43D758 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B901D140h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 43D758 second address: 43D78F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jc 00007F57B8C3A836h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 pushad 0x00000011 jmp 00007F57B8C3A840h 0x00000016 push esi 0x00000017 pushad 0x00000018 popad 0x00000019 pop esi 0x0000001a popad 0x0000001b mov eax, dword ptr [eax] 0x0000001d push esi 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F57B8C3A83Ch 0x00000025 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 43D78F second address: 43D7A3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jo 00007F57B901D136h 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 43DDCA second address: 43DDD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 43DDD0 second address: 43DDD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 43E3F2 second address: 43E3F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 43E3F9 second address: 43E421 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], ebx 0x0000000a xor dword ptr [ebp+122D2490h], ebx 0x00000010 push eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F57B901D144h 0x00000019 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 43E421 second address: 43E42F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007F57B8C3A836h 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 43E863 second address: 43E86D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F57B901D136h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | RDTSC instruction interceptor: First address: 43E92F second address: 43E942 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F57B8C3A836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jnc 00007F57B8C3A836h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 43E942 second address: 43E953 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jng 00007F57B901D138h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 43E953 second address: 43E959 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 43E959 second address: 43E9B2 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F57B901D136h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F57B901D138h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000018h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 xor esi, dword ptr [ebp+122D2B6Bh] 0x0000002d xchg eax, ebx 0x0000002e jc 00007F57B901D142h 0x00000034 jl 00007F57B901D13Ch 0x0000003a jnp 00007F57B901D136h 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 push esi 0x00000044 jmp 00007F57B901D13Eh 0x00000049 pop esi 0x0000004a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 43E9B2 second address: 43E9C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F57B8C3A841h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 43EEBA second address: 43EEC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 43F86B second address: 43F86F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 43F767 second address: 43F771 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F57B901D136h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 43F86F second address: 43F8D7 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F57B8C3A836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ecx 0x00000011 call 00007F57B8C3A838h 0x00000016 pop ecx 0x00000017 mov dword ptr [esp+04h], ecx 0x0000001b add dword ptr [esp+04h], 00000016h 0x00000023 inc ecx 0x00000024 push ecx 0x00000025 ret 0x00000026 pop ecx 0x00000027 ret 0x00000028 mov dword ptr [ebp+122D377Ah], esi 0x0000002e push 00000000h 0x00000030 jl 00007F57B8C3A83Ch 0x00000036 mov dword ptr [ebp+122D37F6h], eax 0x0000003c push 00000000h 0x0000003e movsx edi, cx 0x00000041 xchg eax, ebx 0x00000042 jno 00007F57B8C3A83Ch 0x00000048 push eax 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007F57B8C3A843h 0x00000050 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 43F771 second address: 43F775 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 440316 second address: 4403A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop esi 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007F57B8C3A838h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 0000001Dh 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push ecx 0x00000028 call 00007F57B8C3A838h 0x0000002d pop ecx 0x0000002e mov dword ptr [esp+04h], ecx 0x00000032 add dword ptr [esp+04h], 00000018h 0x0000003a inc ecx 0x0000003b push ecx 0x0000003c ret 0x0000003d pop ecx 0x0000003e ret 0x0000003f mov di, ax 0x00000042 mov dword ptr [ebp+122D259Bh], esi 0x00000048 push 00000000h 0x0000004a add esi, dword ptr [ebp+122D2D13h] 0x00000050 xchg eax, ebx 0x00000051 jmp 00007F57B8C3A83Dh 0x00000056 push eax 0x00000057 pushad 0x00000058 jng 00007F57B8C3A84Dh 0x0000005e jmp 00007F57B8C3A847h 0x00000063 push eax 0x00000064 push edx 0x00000065 pushad 0x00000066 popad 0x00000067 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 441722 second address: 44173D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F57B901D147h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 4421FD second address: 442201 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 440AA0 second address: 440AA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 442201 second address: 442205 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 442205 second address: 44220B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 44220B second address: 442215 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F57B8C3A836h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 442BED second address: 442BF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 442CA9 second address: 442CAF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 442CAF second address: 442CC8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jno 00007F57B901D136h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 je 00007F57B901D136h 0x00000018 popad 0x00000019 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 442CC8 second address: 442CCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 443707 second address: 44376E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B901D145h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b jg 00007F57B901D138h 0x00000011 pop edi 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push edx 0x00000016 call 00007F57B901D138h 0x0000001b pop edx 0x0000001c mov dword ptr [esp+04h], edx 0x00000020 add dword ptr [esp+04h], 0000001Dh 0x00000028 inc edx 0x00000029 push edx 0x0000002a ret 0x0000002b pop edx 0x0000002c ret 0x0000002d push ebx 0x0000002e mov si, bx 0x00000031 pop edi 0x00000032 mov edi, 70613D81h 0x00000037 push 00000000h 0x00000039 xor dword ptr [ebp+122D22C4h], ecx 0x0000003f push 00000000h 0x00000041 mov esi, eax 0x00000043 xchg eax, ebx 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 pushad 0x00000049 popad 0x0000004a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 44376E second address: 443772 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 443772 second address: 443778 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 443778 second address: 44377D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 4485EC second address: 4485F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 4485F0 second address: 4485FA instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F57B8C3A836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 4485FA second address: 448613 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F57B901D145h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 44A70C second address: 44A718 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 44BC52 second address: 44BC5C instructions: 0x00000000 rdtsc 0x00000002 jl 00007F57B901D13Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 44BC5C second address: 44BC6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a jp 00007F57B8C3A836h 0x00000010 pop ecx 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 44BC6D second address: 44BCC0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B901D140h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov bx, si 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F57B901D138h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 0000001Dh 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 push 00000000h 0x0000002b xor dword ptr [ebp+122D36A9h], ecx 0x00000031 xchg eax, esi 0x00000032 jbe 00007F57B901D140h 0x00000038 pushad 0x00000039 pushad 0x0000003a popad 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 44CCCD second address: 44CCD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 44BE13 second address: 44BE19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 44BE19 second address: 44BE26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pushad 0x0000000b popad 0x0000000c pop edi 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 44DCCE second address: 44DCD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 44DCD2 second address: 44DCDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 44EBB1 second address: 44EBB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 44EBB7 second address: 44EBBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 44DEF1 second address: 44DEF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 44EE33 second address: 44EE43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F57B8C3A83Ch 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 450CDE second address: 450CE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 450CE2 second address: 450D28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B8C3A842h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov bx, E19Eh 0x0000000e push 00000000h 0x00000010 mov dword ptr [ebp+122D2FC9h], esi 0x00000016 push 00000000h 0x00000018 mov ebx, 7676ADC6h 0x0000001d xchg eax, esi 0x0000001e jnl 00007F57B8C3A83Eh 0x00000024 push eax 0x00000025 pushad 0x00000026 je 00007F57B8C3A838h 0x0000002c push edi 0x0000002d pop edi 0x0000002e push ebx 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 451CD6 second address: 451CDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 452C28 second address: 452C2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 452C2D second address: 452C32 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 453D26 second address: 453D2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 453D2C second address: 453D92 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B901D149h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jbe 00007F57B901D13Ch 0x00000013 jbe 00007F57B901D14Dh 0x00000019 popad 0x0000001a nop 0x0000001b push ebx 0x0000001c mov edi, ebx 0x0000001e pop edi 0x0000001f push 00000000h 0x00000021 mov dword ptr [ebp+122D20B0h], eax 0x00000027 push 00000000h 0x00000029 or bx, 0B62h 0x0000002e xchg eax, esi 0x0000002f push eax 0x00000030 push edx 0x00000031 push ebx 0x00000032 push ebx 0x00000033 pop ebx 0x00000034 pop ebx 0x00000035 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 455F14 second address: 455F76 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B8C3A845h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 pop eax 0x00000012 nop 0x00000013 sbb bx, 7AA5h 0x00000018 xor bh, FFFFFFF2h 0x0000001b push 00000000h 0x0000001d stc 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push ecx 0x00000023 call 00007F57B8C3A838h 0x00000028 pop ecx 0x00000029 mov dword ptr [esp+04h], ecx 0x0000002d add dword ptr [esp+04h], 0000001Bh 0x00000035 inc ecx 0x00000036 push ecx 0x00000037 ret 0x00000038 pop ecx 0x00000039 ret 0x0000003a mov di, AB3Bh 0x0000003e mov dword ptr [ebp+122D3838h], edx 0x00000044 xchg eax, esi 0x00000045 pushad 0x00000046 pushad 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 457FF3 second address: 458072 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F57B901D138h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push ebp 0x00000012 call 00007F57B901D138h 0x00000017 pop ebp 0x00000018 mov dword ptr [esp+04h], ebp 0x0000001c add dword ptr [esp+04h], 0000001Ah 0x00000024 inc ebp 0x00000025 push ebp 0x00000026 ret 0x00000027 pop ebp 0x00000028 ret 0x00000029 mov ebx, dword ptr [ebp+122D1CF8h] 0x0000002f push 00000000h 0x00000031 call 00007F57B901D144h 0x00000036 mov edi, dword ptr [ebp+122D303Bh] 0x0000003c pop ebx 0x0000003d push 00000000h 0x0000003f pushad 0x00000040 sub dword ptr [ebp+122D2079h], eax 0x00000046 mov edx, 2B6448AFh 0x0000004b popad 0x0000004c push eax 0x0000004d pushad 0x0000004e jmp 00007F57B901D142h 0x00000053 jbe 00007F57B901D13Ch 0x00000059 push eax 0x0000005a push edx 0x0000005b rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 4560A0 second address: 4560A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 456175 second address: 456179 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 45712E second address: 45713C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F57B8C3A836h 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 45DF26 second address: 45DF79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F57B901D145h 0x0000000b popad 0x0000000c push edx 0x0000000d jmp 00007F57B901D141h 0x00000012 pop edx 0x00000013 jmp 00007F57B901D13Fh 0x00000018 popad 0x00000019 jo 00007F57B901D15Ch 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F57B901D13Ah 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 45DF79 second address: 45DF7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 43F75A second address: 43F767 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push eax 0x0000000b pop eax 0x0000000c pop eax 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 467D04 second address: 467D08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 3F4E85 second address: 3F4EB0 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F57B901D13Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jnp 00007F57B901D136h 0x00000014 jmp 00007F57B901D147h 0x00000019 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 3F4EB0 second address: 3F4EF3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F57B8C3A844h 0x0000000e jmp 00007F57B8C3A83Bh 0x00000013 jmp 00007F57B8C3A83Ah 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F57B8C3A83Fh 0x0000001f rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 4669A7 second address: 4669B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 4669B3 second address: 4669B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 4669B7 second address: 4669CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F57B901D13Fh 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 466FB9 second address: 466FBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 467121 second address: 467144 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F57B901D13Ah 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F57B901D13Fh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 467144 second address: 467148 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 46729B second address: 4672A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F57B901D136h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 4672A5 second address: 4672AE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 4672AE second address: 4672B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 4672B4 second address: 4672BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 4673F3 second address: 4673FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 4673FA second address: 467402 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 467402 second address: 467418 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a jl 00007F57B901D136h 0x00000010 pop esi 0x00000011 pushad 0x00000012 push esi 0x00000013 pop esi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 467418 second address: 46741E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 46741E second address: 467423 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 467423 second address: 46742A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeRDTSC instruction interceptor: First address: 4675EE second address: 467607 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F57B901D136h 0x00000008 jmp 00007F57B901D13Bh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 467607 second address: 46760B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 467B43 second address: 467B49 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 467B49 second address: 467B4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 467B4F second address: 467B5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B901D13Bh 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 467B5F second address: 467B76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jne 00007F57B8C3A83Eh 0x0000000f push edi 0x00000010 pop edi 0x00000011 je 00007F57B8C3A836h 0x00000017 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4707C4 second address: 4707C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 407500 second address: 40750D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jbe 00007F57B8C3A83Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 47791D second address: 477921 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 477DAF second address: 477DB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 478218 second address: 47821E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 478EC9 second address: 478ECF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4795DA second address: 4795E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4795E2 second address: 4795E8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 48082E second address: 480834 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 480834 second address: 480838 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 480838 second address: 480842 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F57B901D136h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 480842 second address: 480848 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 480848 second address: 48084E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 48084E second address: 480863 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F57B8C3A83Bh 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 480863 second address: 480869 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 480869 second address: 48086F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 48086F second address: 48088F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F57B901D148h 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 48020A second address: 480210 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 480210 second address: 48021E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F57B901D136h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 48021E second address: 480251 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F57B8C3A849h 0x00000009 jc 00007F57B8C3A836h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pushad 0x00000013 push esi 0x00000014 pop esi 0x00000015 jnc 00007F57B8C3A836h 0x0000001b push ecx 0x0000001c pop ecx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4803EB second address: 4803FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 ja 00007F57B901D142h 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 481EEF second address: 481EF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 481EF5 second address: 481F17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F57B901D145h 0x00000011 popad 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 481F17 second address: 481F1C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4009D9 second address: 4009E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4009E2 second address: 4009F5 instructions: 0x00000000 rdtsc 0x00000002 je 00007F57B8C3A836h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4009F5 second address: 4009F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4009F9 second address: 400A12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 jns 00007F57B8C3A836h 0x0000000f je 00007F57B8C3A836h 0x00000015 pop edi 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 48D2EE second address: 48D2F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F57B901D136h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 48CE6A second address: 48CE70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 48CE70 second address: 48CE78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 48CFF9 second address: 48CFFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 48CFFF second address: 48D005 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 48D005 second address: 48D017 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 js 00007F57B8C3A836h 0x0000000e pop ebx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 48D017 second address: 48D04D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F57B901D136h 0x0000000a jnc 00007F57B901D136h 0x00000010 popad 0x00000011 popad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F57B901D13Bh 0x0000001a jmp 00007F57B901D146h 0x0000001f rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 48D04D second address: 48D053 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 495D62 second address: 495D66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 495D66 second address: 495D6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 402547 second address: 40254B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 40254B second address: 40256D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F57B8C3A84Ch 0x0000000c jmp 00007F57B8C3A846h 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 40256D second address: 402573 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 402573 second address: 402577 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4A140A second address: 4A1421 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B901D140h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4B995C second address: 4B9962 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4B9962 second address: 4B9966 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4B9966 second address: 4B9977 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jnp 00007F57B8C3A836h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4C2353 second address: 4C2361 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a pop eax 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d popad 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4C1EAF second address: 4C1ED4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B8C3A83Dh 0x00000007 jnc 00007F57B8C3A836h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jc 00007F57B8C3A836h 0x00000017 jnl 00007F57B8C3A836h 0x0000001d rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4C3E2E second address: 4C3E48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B901D146h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4C3C60 second address: 4C3CA7 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F57B8C3A84Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jl 00007F57B8C3A85Bh 0x00000010 pushad 0x00000011 push esi 0x00000012 pop esi 0x00000013 jnp 00007F57B8C3A836h 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e jne 00007F57B8C3A836h 0x00000024 jmp 00007F57B8C3A83Bh 0x00000029 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4E7016 second address: 4E7020 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4E7020 second address: 4E7026 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4E7176 second address: 4E717A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4E717A second address: 4E717E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4E717E second address: 4E7199 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F57B901D140h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4E7199 second address: 4E719E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4E719E second address: 4E71A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4E74A4 second address: 4E74A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4E74A8 second address: 4E74E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B901D146h 0x00000007 jmp 00007F57B901D145h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jl 00007F57B901D136h 0x00000015 js 00007F57B901D136h 0x0000001b popad 0x0000001c rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4E74E5 second address: 4E74EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4E77D9 second address: 4E77E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jbe 00007F57B901D13Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4E77E6 second address: 4E7809 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F57B8C3A83Eh 0x0000000b jmp 00007F57B8C3A83Fh 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4E7963 second address: 4E796E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4E796E second address: 4E7973 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4EA9DF second address: 4EA9FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F57B901D146h 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4EAB25 second address: 4EAB55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F57B8C3A836h 0x00000009 jmp 00007F57B8C3A844h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov eax, dword ptr [eax] 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 jmp 00007F57B8C3A83Ah 0x0000001b pop esi 0x0000001c rdtsc
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe RDTSC instruction interceptor: First address: 4EAB55 second address: 4EAB5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F57B901D136h 0x0000000a rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3F358 second address: F3F362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F57B8C3A836h 0x0000000a rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3F362 second address: F3F366 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3F366 second address: F3F381 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F57B8C3A83Fh 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3F381 second address: F3F3B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnl 00007F57B901D13Ch 0x0000000e pushad 0x0000000f je 00007F57B901D136h 0x00000015 jo 00007F57B901D136h 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 push ebx 0x00000023 pop ebx 0x00000024 push edi 0x00000025 pop edi 0x00000026 pushad 0x00000027 popad 0x00000028 pushad 0x00000029 popad 0x0000002a popad 0x0000002b pushad 0x0000002c pushad 0x0000002d popad 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3F3B7 second address: F3F3C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F57B8C3A836h 0x0000000a popad 0x0000000b rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3F3C2 second address: F3F3CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3F3CA second address: F3F3FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B8C3A848h 0x00000007 jmp 00007F57B8C3A841h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3F3FB second address: F3F3FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3F3FF second address: F3F405 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3F56E second address: F3F58B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F57B901D143h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3F852 second address: F3F85C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F57B8C3A836h 0x0000000a rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3F85C second address: F3F860 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3F860 second address: F3F879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F57B8C3A83Ch 0x0000000e jnc 00007F57B8C3A836h 0x00000014 push edi 0x00000015 push esi 0x00000016 pop esi 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3F9C2 second address: F3F9EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007F57B901D13Bh 0x0000000c jmp 00007F57B901D147h 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3FB46 second address: F3FB80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F57B8C3A83Fh 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F57B8C3A83Bh 0x00000012 jmp 00007F57B8C3A848h 0x00000017 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3F358 second address: F3F362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F57B901D136h 0x0000000a rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3F366 second address: F3F381 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F57B901D13Fh 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3F381 second address: F3F3B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnl 00007F57B8C3A83Ch 0x0000000e pushad 0x0000000f je 00007F57B8C3A836h 0x00000015 jo 00007F57B8C3A836h 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 push ebx 0x00000023 pop ebx 0x00000024 push edi 0x00000025 pop edi 0x00000026 pushad 0x00000027 popad 0x00000028 pushad 0x00000029 popad 0x0000002a popad 0x0000002b pushad 0x0000002c pushad 0x0000002d popad 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3F3B7 second address: F3F3C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F57B901D136h 0x0000000a popad 0x0000000b rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3F3CA second address: F3F3FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B901D148h 0x00000007 jmp 00007F57B901D141h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3F56E second address: F3F58B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F57B8C3A843h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3F852 second address: F3F85C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F57B901D136h 0x0000000a rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3F860 second address: F3F879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F57B901D13Ch 0x0000000e jnc 00007F57B901D136h 0x00000014 push edi 0x00000015 push esi 0x00000016 pop esi 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3F9C2 second address: F3F9EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007F57B8C3A83Bh 0x0000000c jmp 00007F57B8C3A847h 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F3FB46 second address: F3FB80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F57B901D13Fh 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F57B901D13Bh 0x00000012 jmp 00007F57B901D148h 0x00000017 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F64D0B second address: F64D11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F62D33 second address: F62D37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F62D37 second address: F62D59 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F57B8C3A836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F57B8C3A83Fh 0x0000000f pop edx 0x00000010 push ebx 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F62EFE second address: F62F02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F6307C second address: F63085 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F63085 second address: F63089 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F63089 second address: F6308F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F631CD second address: F631D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F631D7 second address: F631DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F631DD second address: F631E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F6334C second address: F63351 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F63351 second address: F6336D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B901D142h 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007F57B901D136h 0x0000000f rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F6336D second address: F63373 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F63373 second address: F6339B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F57B901D13Eh 0x0000000f jmp 00007F57B901D140h 0x00000014 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F6339B second address: F633A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F57B8C3A836h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F63638 second address: F63647 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B901D13Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe RDTSC instruction interceptor: First address: F63647 second address: F6366B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F57B8C3A849h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F6366B second address: F63670 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F63670 second address: F63686 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F57B8C3A840h 0x0000000b rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F63686 second address: F636C5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F57B901D146h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push edx 0x00000011 pop edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 popad 0x00000015 jmp 00007F57B901D149h 0x0000001a rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F58806 second address: F5881B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F57B8C3A83Bh 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F5881B second address: F5881F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F2F01E second address: F2F023 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F64704 second address: F64710 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007F57B901D136h 0x0000000c rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F64710 second address: F64716 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F6487D second address: F64881 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F674F4 second address: F674F9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F674F9 second address: F67507 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F67507 second address: F67519 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B8C3A83Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F67519 second address: F67528 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F57B901D13Bh 0x00000009 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F685D4 second address: F685E9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007F57B8C3A838h 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F685E9 second address: F685FD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b push edx 0x0000000c jns 00007F57B901D138h 0x00000012 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F6D729 second address: F6D740 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F57B8C3A83Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F6D740 second address: F6D744 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F6D744 second address: F6D758 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B8C3A840h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F6D758 second address: F6D78F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jc 00007F57B901D136h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 pushad 0x00000011 jmp 00007F57B901D140h 0x00000016 push esi 0x00000017 pushad 0x00000018 popad 0x00000019 pop esi 0x0000001a popad 0x0000001b mov eax, dword ptr [eax] 0x0000001d push esi 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F57B901D13Ch 0x00000025 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F6D78F second address: F6D7A3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jo 00007F57B8C3A836h 0x00000014 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F6DDCA second address: F6DDD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F6DDD0 second address: F6DDD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F6E3F2 second address: F6E3F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F6E3F9 second address: F6E421 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], ebx 0x0000000a xor dword ptr [ebp+122D2490h], ebx 0x00000010 push eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F57B8C3A844h 0x00000019 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F6E421 second address: F6E42F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007F57B901D136h 0x0000000e rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F6E863 second address: F6E86D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F57B8C3A836h 0x0000000a rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F6E92F second address: F6E942 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F57B901D136h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jnc 00007F57B901D136h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F6E942 second address: F6E953 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jng 00007F57B8C3A838h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F6E953 second address: F6E959 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F6E959 second address: F6E9B2 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F57B8C3A836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F57B8C3A838h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000018h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 xor esi, dword ptr [ebp+122D2B6Bh] 0x0000002d xchg eax, ebx 0x0000002e jc 00007F57B8C3A842h 0x00000034 jl 00007F57B8C3A83Ch 0x0000003a jnp 00007F57B8C3A836h 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 push esi 0x00000044 jmp 00007F57B8C3A83Eh 0x00000049 pop esi 0x0000004a rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F6E9B2 second address: F6E9C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F57B901D141h 0x00000009 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F6EEBA second address: F6EEC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F6F86B second address: F6F86F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F6F86F second address: F6F8D7 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F57B8C3A836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ecx 0x00000011 call 00007F57B8C3A838h 0x00000016 pop ecx 0x00000017 mov dword ptr [esp+04h], ecx 0x0000001b add dword ptr [esp+04h], 00000016h 0x00000023 inc ecx 0x00000024 push ecx 0x00000025 ret 0x00000026 pop ecx 0x00000027 ret 0x00000028 mov dword ptr [ebp+122D377Ah], esi 0x0000002e push 00000000h 0x00000030 jl 00007F57B8C3A83Ch 0x00000036 mov dword ptr [ebp+122D37F6h], eax 0x0000003c push 00000000h 0x0000003e movsx edi, cx 0x00000041 xchg eax, ebx 0x00000042 jno 00007F57B8C3A83Ch 0x00000048 push eax 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007F57B8C3A843h 0x00000050 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F6F767 second address: F6F771 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F57B901D136h 0x0000000a rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F6F771 second address: F6F775 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F70316 second address: F703A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop esi 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007F57B901D138h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 0000001Dh 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push ecx 0x00000028 call 00007F57B901D138h 0x0000002d pop ecx 0x0000002e mov dword ptr [esp+04h], ecx 0x00000032 add dword ptr [esp+04h], 00000018h 0x0000003a inc ecx 0x0000003b push ecx 0x0000003c ret 0x0000003d pop ecx 0x0000003e ret 0x0000003f mov di, ax 0x00000042 mov dword ptr [ebp+122D259Bh], esi 0x00000048 push 00000000h 0x0000004a add esi, dword ptr [ebp+122D2D13h] 0x00000050 xchg eax, ebx 0x00000051 jmp 00007F57B901D13Dh 0x00000056 push eax 0x00000057 pushad 0x00000058 jng 00007F57B901D14Dh 0x0000005e push eax 0x0000005f push edx 0x00000060 pushad 0x00000061 popad 0x00000062 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F70AA0 second address: F70AA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F71722 second address: F7173D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F57B901D147h 0x00000009 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F721FD second address: F72201 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F72201 second address: F72205 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F72205 second address: F7220B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F7220B second address: F72215 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F57B901D136h 0x0000000a rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F72BED second address: F72BF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F72CA9 second address: F72CAF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F72CAF second address: F72CC8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jno 00007F57B8C3A836h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 je 00007F57B8C3A836h 0x00000018 popad 0x00000019 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F72CC8 second address: F72CCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F73707 second address: F7376E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B8C3A845h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b jg 00007F57B8C3A838h 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pop edi 0x00000014 nop 0x00000015 push 00000000h 0x00000017 push edx 0x00000018 call 00007F57B8C3A838h 0x0000001d pop edx 0x0000001e mov dword ptr [esp+04h], edx 0x00000022 add dword ptr [esp+04h], 0000001Dh 0x0000002a inc edx 0x0000002b push edx 0x0000002c ret 0x0000002d pop edx 0x0000002e ret 0x0000002f push ebx 0x00000030 mov si, bx 0x00000033 pop edi 0x00000034 mov edi, 70613D81h 0x00000039 push 00000000h 0x0000003b xor dword ptr [ebp+122D22C4h], ecx 0x00000041 push 00000000h 0x00000043 mov esi, eax 0x00000045 xchg eax, ebx 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b popad 0x0000004c rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F7376E second address: F73772 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F73772 second address: F73778 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F73778 second address: F7377D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F785EC second address: F785F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F785F0 second address: F785FA instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F57B901D136h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F785FA second address: F78613 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F57B8C3A845h 0x00000009 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F7A70C second address: F7A718 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F7BC52 second address: F7BC5C instructions: 0x00000000 rdtsc 0x00000002 jl 00007F57B8C3A83Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F7BC5C second address: F7BC6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a jp 00007F57B901D136h 0x00000010 pop ecx 0x00000011 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F7BC6D second address: F7BCC0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B8C3A840h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov bx, si 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F57B8C3A838h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 0000001Dh 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 push 00000000h 0x0000002b xor dword ptr [ebp+122D36A9h], ecx 0x00000031 xchg eax, esi 0x00000032 jbe 00007F57B8C3A840h 0x00000038 pushad 0x00000039 pushad 0x0000003a popad 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F7CCCD second address: F7CCD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F7BE13 second address: F7BE19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F7BE19 second address: F7BE26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pushad 0x0000000b popad 0x0000000c pop edi 0x0000000d rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F7DCCE second address: F7DCD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F7DCD2 second address: F7DCDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F7EBB1 second address: F7EBB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F7EBB7 second address: F7EBBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F7DEF1 second address: F7DEF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F7EE33 second address: F7EE43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F57B901D13Ch 0x00000009 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F80CDE second address: F80CE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F80CE2 second address: F80D28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B901D142h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov bx, E19Eh 0x0000000e push 00000000h 0x00000010 mov dword ptr [ebp+122D2FC9h], esi 0x00000016 push 00000000h 0x00000018 mov ebx, 7676ADC6h 0x0000001d xchg eax, esi 0x0000001e jnl 00007F57B901D13Eh 0x00000024 push eax 0x00000025 pushad 0x00000026 je 00007F57B901D138h 0x0000002c push edi 0x0000002d pop edi 0x0000002e push ebx 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F81CD6 second address: F81CDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F82C28 second address: F82C2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F82C2D second address: F82C32 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F83D26 second address: F83D2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F83D2C second address: F83D92 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B8C3A849h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jbe 00007F57B8C3A83Ch 0x00000013 jbe 00007F57B8C3A84Dh 0x00000019 popad 0x0000001a nop 0x0000001b push ebx 0x0000001c mov edi, ebx 0x0000001e pop edi 0x0000001f push 00000000h 0x00000021 mov dword ptr [ebp+122D20B0h], eax 0x00000027 push 00000000h 0x00000029 or bx, 0B62h 0x0000002e xchg eax, esi 0x0000002f push eax 0x00000030 push edx 0x00000031 push ebx 0x00000032 push ebx 0x00000033 pop ebx 0x00000034 pop ebx 0x00000035 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F85F14 second address: F85F76 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B901D145h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 pop eax 0x00000012 nop 0x00000013 sbb bx, 7AA5h 0x00000018 xor bh, FFFFFFF2h 0x0000001b push 00000000h 0x0000001d stc 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push ecx 0x00000023 call 00007F57B901D138h 0x00000028 pop ecx 0x00000029 mov dword ptr [esp+04h], ecx 0x0000002d add dword ptr [esp+04h], 0000001Bh 0x00000035 inc ecx 0x00000036 push ecx 0x00000037 ret 0x00000038 pop ecx 0x00000039 ret 0x0000003a mov di, AB3Bh 0x0000003e mov dword ptr [ebp+122D3838h], edx 0x00000044 xchg eax, esi 0x00000045 pushad 0x00000046 pushad 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F860A0 second address: F860A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F86175 second address: F86179 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F87FF3 second address: F88072 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F57B8C3A838h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push ebp 0x00000012 call 00007F57B8C3A838h 0x00000017 pop ebp 0x00000018 mov dword ptr [esp+04h], ebp 0x0000001c add dword ptr [esp+04h], 0000001Ah 0x00000024 inc ebp 0x00000025 push ebp 0x00000026 ret 0x00000027 pop ebp 0x00000028 ret 0x00000029 mov ebx, dword ptr [ebp+122D1CF8h] 0x0000002f push 00000000h 0x00000031 call 00007F57B8C3A844h 0x00000036 mov edi, dword ptr [ebp+122D303Bh] 0x0000003c pop ebx 0x0000003d push 00000000h 0x0000003f pushad 0x00000040 sub dword ptr [ebp+122D2079h], eax 0x00000046 mov edx, 2B6448AFh 0x0000004b popad 0x0000004c push eax 0x0000004d pushad 0x0000004e jmp 00007F57B8C3A842h 0x00000053 jbe 00007F57B8C3A83Ch 0x00000059 push eax 0x0000005a push edx 0x0000005b rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F97121 second address: F97144 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F57B8C3A83Ah 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F57B8C3A83Fh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F9729B second address: F972A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F57B8C3A836h 0x0000000a rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F97402 second address: F97418 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a jl 00007F57B8C3A836h 0x00000010 pop esi 0x00000011 pushad 0x00000012 push esi 0x00000013 pop esi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F975EE second address: F97607 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F57B8C3A836h 0x00000008 jmp 00007F57B8C3A83Bh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F97B4F second address: F97B5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B8C3A83Bh 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F97B5F second address: F97B76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jne 00007F57B901D13Eh 0x0000000f push edi 0x00000010 pop edi 0x00000011 je 00007F57B901D136h 0x00000017 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F37500 second address: F3750D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jbe 00007F57B901D13Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: FF2353 second address: FF2361 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a pop eax 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d popad 0x0000000e rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: FF1EAF second address: FF1ED4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B901D13Dh 0x00000007 jnc 00007F57B901D136h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jc 00007F57B901D136h 0x00000017 jnl 00007F57B901D136h 0x0000001d rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: FF3E2E second address: FF3E48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B8C3A846h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: FF3C60 second address: FF3CA7 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F57B901D14Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jl 00007F57B901D15Bh 0x00000010 pushad 0x00000011 push esi 0x00000012 pop esi 0x00000013 jnp 00007F57B901D136h 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e jne 00007F57B901D136h 0x00000024 jmp 00007F57B901D13Bh 0x00000029 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 1017016 second address: 1017020 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 1017020 second address: 1017026 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 1017176 second address: 101717A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 101717A second address: 101717E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 101717E second address: 1017199 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F57B8C3A840h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 1017199 second address: 101719E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 101719E second address: 10171A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 10174A4 second address: 10174A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 10174A8 second address: 10174E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B8C3A846h 0x00000007 jmp 00007F57B8C3A845h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jl 00007F57B8C3A836h 0x00000015 js 00007F57B8C3A836h 0x0000001b popad 0x0000001c rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 10174E5 second address: 10174EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 10177D9 second address: 10177E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jbe 00007F57B8C3A83Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 10177E6 second address: 1017809 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F57B901D13Eh 0x0000000b jmp 00007F57B901D13Fh 0x00000010 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 1017963 second address: 101796E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 101796E second address: 1017973 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 101A9DF second address: 101A9FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F57B8C3A846h 0x0000000f rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 101AB25 second address: 101AB55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F57B901D136h 0x00000009 jmp 00007F57B901D144h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov eax, dword ptr [eax] 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 jmp 00007F57B901D13Ah 0x0000001b pop esi 0x0000001c rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 101AB55 second address: 101AB5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F57B8C3A836h 0x0000000a rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: FBD2EE second address: FBD2F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F57B901D136h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: FBD005 second address: FBD017 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 js 00007F57B8C3A836h 0x0000000e pop ebx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: FBD017 second address: FBD04D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F57B901D136h 0x0000000a jnc 00007F57B901D136h 0x00000010 popad 0x00000011 popad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F57B901D13Bh 0x0000001a jmp 00007F57B901D146h 0x0000001f rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: F3254B second address: F3256D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F57B8C3A84Ch 0x0000000c jmp 00007F57B8C3A846h 0x00000011 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: FD140A second address: FD1421 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B901D140h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: FE9966 second address: FE9977 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jnp 00007F57B8C3A836h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: FF1EAF second address: FF1ED4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B8C3A83Dh 0x00000007 jnc 00007F57B8C3A836h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jc 00007F57B8C3A836h 0x00000017 jnl 00007F57B8C3A836h 0x0000001d rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: FF3E2E second address: FF3E48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B901D146h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: FF3C60 second address: FF3CA7 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F57B8C3A84Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jl 00007F57B8C3A85Bh 0x00000010 pushad 0x00000011 push esi 0x00000012 pop esi 0x00000013 jnp 00007F57B8C3A836h 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e jne 00007F57B8C3A836h 0x00000024 jmp 00007F57B8C3A83Bh 0x00000029 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 101717E second address: 1017199 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F57B901D140h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 10174A8 second address: 10174E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B901D146h 0x00000007 jmp 00007F57B901D145h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jl 00007F57B901D136h 0x00000015 js 00007F57B901D136h 0x0000001b popad 0x0000001c rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 10177D9 second address: 10177E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jbe 00007F57B901D13Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 10177E6 second address: 1017809 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F57B8C3A83Eh 0x0000000b jmp 00007F57B8C3A83Fh 0x00000010 rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 101A9DF second address: 101A9FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F57B901D146h 0x0000000f rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 101AB25 second address: 101AB55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F57B8C3A836h 0x00000009 jmp 00007F57B8C3A844h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov eax, dword ptr [eax] 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 jmp 00007F57B8C3A83Ah 0x0000001b pop esi 0x0000001c rdtsc
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeRDTSC instruction interceptor: First address: 101AB55 second address: 101AB5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F57B901D136h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | RDTSC instruction interceptor: First address: 82F358 second address: 82F362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F57B8C3A836h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | RDTSC instruction interceptor: First address: 82F362 second address: 82F366 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | RDTSC instruction interceptor: First address: 82F366 second address: 82F381 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F57B8C3A83Fh 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | RDTSC instruction interceptor: First address: 82F381 second address: 82F3B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnl 00007F57B901D13Ch 0x0000000e pushad 0x0000000f je 00007F57B901D136h 0x00000015 jo 00007F57B901D136h 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 push ebx 0x00000023 pop ebx 0x00000024 push edi 0x00000025 pop edi 0x00000026 pushad 0x00000027 popad 0x00000028 pushad 0x00000029 popad 0x0000002a popad 0x0000002b pushad 0x0000002c pushad 0x0000002d popad 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | RDTSC instruction interceptor: First address: 82F3B7 second address: 82F3C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F57B8C3A836h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | RDTSC instruction interceptor: First address: 82F3C2 second address: 82F3CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | RDTSC instruction interceptor: First address: 82F3CA second address: 82F3FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F57B8C3A848h 0x00000007 jmp 00007F57B8C3A841h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | RDTSC instruction interceptor: First address: 82F3FB second address: 82F3FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | RDTSC instruction interceptor: First address: 82F3FF second address: 82F405 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | RDTSC instruction interceptor: First address: 82F56E second address: 82F58B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F57B901D143h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | RDTSC instruction interceptor: First address: 82F852 second address: 82F85C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F57B8C3A836h 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | RDTSC instruction interceptor: First address: 82F85C second address: 82F860 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | RDTSC instruction interceptor: First address: 82F860 second address: 82F879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F57B8C3A83Ch 0x0000000e jnc 00007F57B8C3A836h 0x00000014 push edi 0x00000015 push esi 0x00000016 pop esi 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | RDTSC instruction interceptor: First address: 82F9C2 second address: 82F9EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007F57B901D13Bh 0x0000000c jmp 00007F57B901D147h 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | RDTSC instruction interceptor: First address: 82FB46 second address: 82FB80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F57B8C3A83Fh 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F57B8C3A83Bh 0x00000012 jmp 00007F57B8C3A848h 0x00000017 rdtsc
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | RDTSC instruction interceptor: First address: 854D0B second address: 854D11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | RDTSC instruction interceptor: First address: 852D33 second address: 852D37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | RDTSC instruction interceptor: First address: 852D37 second address: 852D59 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F57B901D136h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F57B901D13Fh 0x0000000f pop edx 0x00000010 push ebx 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | RDTSC instruction interceptor: First address: 852EFE second address: 852F02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | RDTSC instruction interceptor: First address: 85307C second address: 853085 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | RDTSC instruction interceptor: First address: 853085 second address: 853089 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | RDTSC instruction interceptor: First address: 853089 second address: 85308F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | Special instruction interceptor: First address: 48AB62 instructions caused by: Self-modifying code
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Special instruction interceptor: First address: FBAB62 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Special instruction interceptor: First address: 8AAB62 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe | Window / User API: threadDelayed 1401
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window / User API: threadDelayed 1088
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window / User API: threadDelayed 423
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window / User API: threadDelayed 1017
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Window / User API: threadDelayed 416
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window / User API: threadDelayed 1217
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window / User API: threadDelayed 1079
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window / User API: threadDelayed 1109
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window / User API: threadDelayed 1182
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Window / User API: threadDelayed 1234
Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe TID: 5044 | Thread sleep count: 34 > 30
Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe TID: 5044 | Thread sleep time: -68034s >= -30000s
Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe TID: 4616 | Thread sleep count: 38 > 30
Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe TID: 4616 | Thread sleep time: -76038s >= -30000s
Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe TID: 5820 | Thread sleep count: 294 > 30
Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe TID: 6252 | Thread sleep count: 247 > 30
Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe TID: 2792 | Thread sleep count: 1401 > 30
Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe TID: 2792 | Thread sleep time: -2803401s >= -30000s
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 1172 | Thread sleep count: 115 > 30
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 1172 | Thread sleep time: -230115s >= -30000s
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 5280 | Thread sleep count: 126 > 30
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 5280 | Thread sleep time: -252126s >= -30000s
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 4748 | Thread sleep count: 1088 > 30
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 4748 | Thread sleep time: -109888s >= -30000s
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 3692 | Thread sleep count: 423 > 30
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 3692 | Thread sleep count: 115 > 30
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 5524 | Thread sleep count: 122 > 30
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 5524 | Thread sleep time: -244122s >= -30000s
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 6156 | Thread sleep count: 95 > 30
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 6156 | Thread sleep time: -190095s >= -30000s
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 5324 | Thread sleep count: 96 > 30
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 5324 | Thread sleep time: -192096s >= -30000s
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 5676 | Thread sleep count: 115 > 30
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 5676 | Thread sleep time: -230115s >= -30000s
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 3992 | Thread sleep count: 110 > 30
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 3992 | Thread sleep time: -220110s >= -30000s
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 5756 | Thread sleep count: 1017 > 30
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 5756 | Thread sleep time: -102717s >= -30000s
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 320 | Thread sleep count: 416 > 30
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 320 | Thread sleep count: 149 > 30
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 3500 | Thread sleep count: 135 > 30
Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 3500 | Thread sleep time: -270135s >= -30000s
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 6148 | Thread sleep time: -40020s >= -30000s
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 5248 | Thread sleep count: 1217 > 30
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 5248 | Thread sleep time: -2435217s >= -30000s
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 5636 | Thread sleep count: 93 > 30
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 5636 | Thread sleep count: 265 > 30
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 2320 | Thread sleep count: 222 > 30
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 4320 | Thread sleep count: 1079 > 30
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 4320 | Thread sleep time: -2159079s >= -30000s
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 4220 | Thread sleep count: 1109 > 30
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 4220 | Thread sleep time: -2219109s >= -30000s
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 5252 | Thread sleep time: -42021s >= -30000s
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 6096 | Thread sleep count: 1182 > 30
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 6096 | Thread sleep time: -2365182s >= -30000s
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 2260 | Thread sleep count: 289 > 30
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 6384 | Thread sleep count: 248 > 30
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 5296 | Thread sleep count: 1234 > 30
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 5296 | Thread sleep time: -2469234s >= -30000s
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeLast function: Thread delayed
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeLast function: Thread delayed
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeLast function: Thread delayed
            Source: C:\ProgramData\MPGPH131\MPGPH131.exeLast function: Thread delayed
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeLast function: Thread delayed
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeLast function: Thread delayed
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_001B9610 GetKeyboardLayoutList followed by cmp: cmp ecx, edx and CTI: je 001B962Ah
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_001B7750 GetKeyboardLayoutList followed by cmp: cmp eax, 0eh and CTI: jc 001B7760h, country: Hungarian (hu)
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_001B7780 GetKeyboardLayoutList followed by cmp: cmp eax, 21h and CTI: jc 001B7790h, country: Indonesian (id)
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_001B7D40 GetKeyboardLayoutList followed by cmp: cmp eax, 2eh and CTI: jc 001B7D50h, country: Upper Sorbian (hsb)
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00CE7D40 GetKeyboardLayoutList followed by cmp: cmp eax, 2eh and CTI: jc 00CE7D50h, country: Upper Sorbian (hsb)
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00CE9610 GetKeyboardLayoutList followed by cmp: cmp ecx, edx and CTI: je 00CE962Ah
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00CE7780 GetKeyboardLayoutList followed by cmp: cmp eax, 21h and CTI: jc 00CE7790h, country: Indonesian (id)
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00CE7750 GetKeyboardLayoutList followed by cmp: cmp eax, 0eh and CTI: jc 00CE7760h, country: Hungarian (hu)
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00CE9610 GetKeyboardLayoutList followed by cmp: cmp ecx, edx and CTI: je 00CE962Ah
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00CE7780 GetKeyboardLayoutList followed by cmp: cmp eax, 21h and CTI: jc 00CE7790h, country: Indonesian (id)
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00CE7750 GetKeyboardLayoutList followed by cmp: cmp eax, 0eh and CTI: jc 00CE7760h, country: Hungarian (hu)
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00CE7D40 GetKeyboardLayoutList followed by cmp: cmp eax, 2eh and CTI: jc 00CE7D50h, country: Upper Sorbian (hsb)
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_005D7D40 GetKeyboardLayoutList followed by cmp: cmp eax, 2eh and CTI: jc 005D7D50h, country: Upper Sorbian (hsb)
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_005D9610 GetKeyboardLayoutList followed by cmp: cmp ecx, edx and CTI: je 005D962Ah
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_005D7750 GetKeyboardLayoutList followed by cmp: cmp eax, 0eh and CTI: jc 005D7760h, country: Hungarian (hu)
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_005D7780 GetKeyboardLayoutList followed by cmp: cmp eax, 21h and CTI: jc 005D7790h, country: Indonesian (id)
            Source: LisectAVT_2403002A_191.exe, RageMP131.exe.0.dr, MPGPH131.exe.0.dr, Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
            Source: RageMP131.exe, 00000008.00000002.3275956134.0000000000EDE000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\
            Source: LisectAVT_2403002A_191.exe, 00000000.00000002.3275956463.0000000000E6F000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: 3c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_78BF175D`
            Source: MPGPH131.exe, 00000007.00000002.3274228386.0000000000A42000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: -c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_78BF175D
            Source: RageMP131.exe, 0000000A.00000002.3274007853.000000000055D000.00000004.00000010.00020000.00000000.sdmp, Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
            Source: MPGPH131.exe, 00000007.00000002.3274228386.0000000000A08000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}tP
            Source: MPGPH131.exe, 00000007.00000003.2073921795.0000000000A42000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}x
            Source: MPGPH131.exe, 00000006.00000002.3274032651.000000000076D000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlli
            Source: RageMP131.exe, 00000008.00000002.3275956134.0000000000E90000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: \Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000VISION=8f08ProgramData=C:\PrL
            Source: MPGPH131.exe, 00000006.00000002.3273997793.000000000073C000.00000004.00000010.00020000.00000000.sdmp, Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}v
            Source: MPGPH131.exe, 00000007.00000003.2073921795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
            Source: MPGPH131.exe, 00000006.00000002.3274032651.000000000076D000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: y\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000s\user\AppData\Local\Temp\h
            Source: RageMP131.exe, 0000000A.00000002.3275957814.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}/
            Source: LisectAVT_2403002A_191.exe, 00000000.00000002.3275956463.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll`
            Source: RageMP131.exe, 00000008.00000002.3275956134.0000000000E90000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000=Q
            Source: RageMP131.exe, 0000000A.00000002.3275957814.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.
            Source: RageMP131.exe, 0000000A.00000002.3275957814.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: RageMP131.exe, 0000000A.00000002.3275957814.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000&
            Source: MPGPH131.exe, 00000006.00000002.3274032651.00000000007AE000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: (w#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
            Source: MPGPH131.exe, 00000007.00000002.3274228386.0000000000A08000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
            Source: LisectAVT_2403002A_191.exe, 00000000.00000002.3275714719.00000000009AC000.00000004.00000010.00020000.00000000.sdmp, Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&0000
            Source: MPGPH131.exe, 00000006.00000002.3274032651.00000000007AE000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: #disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
            Source: RageMP131.exe, 0000000A.00000002.3275957814.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: scsi#disk&ven_vmware&proQ
            Source: RageMP131.exe, 0000000A.00000003.2275959248.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.
            Source: LisectAVT_2403002A_191.exe, 00000000.00000002.3275956463.0000000000E6F000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: 3c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_78BF175D
            Source: RageMP131.exe, 00000008.00000002.3275956134.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_78BF175D
            Source: MPGPH131.exe, 00000007.00000002.3274228386.0000000000A08000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll>
            Source: LisectAVT_2403002A_191.exe, RageMP131.exe.0.dr, MPGPH131.exe.0.dr, Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
            Source: MPGPH131.exe, 00000007.00000002.3274228386.0000000000A08000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}&Ph7
            Source: MPGPH131.exe, 00000006.00000002.3274032651.000000000076D000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
            Source: RageMP131.exe, 00000008.00000002.3275956134.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllC
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_00169F50 LoadLibraryA,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_00165B90 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_0016C0A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_0016C0A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_00164100 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_0016C0A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_00165498 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_0016C0A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_001657B8 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_001648E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_001648E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_001648E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_001648E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_001648E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_001648E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_001648E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_001648E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_001648E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_001648E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_001648E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_001648E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_0016C0A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_00164DC9 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00C9C0A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00C94100 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00C9C0A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00C9C0A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00C9C0A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00C95498 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00C94DC9 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00C9C0A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 6_2_00C957B8 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00C95B90 mov ecx, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00C9C0A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00C94100 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00C9C0A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00C9C0A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00C95498 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00C9C0A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00C957B8 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00C948E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00C9C0A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Code function: 7_2_00C94DC9 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_005848E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_005848E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_005848E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_005848E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_005848E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_005848E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_005848E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_005848E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_005848E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_005848E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_005848E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_005848E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_0058C0A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_0058C0A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_00584100 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_0058C0A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_0058C0A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_00585498 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_00584DC9 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_0058C0A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Code function: 8_2_005857B8 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_00164400 cpuid
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Queries volume information: C:\ VolumeInformation
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Queries volume information: C:\ VolumeInformation
            Source: C:\ProgramData\MPGPH131\MPGPH131.exe, Queries volume information: C:\ VolumeInformation
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Queries volume information: C:\ VolumeInformation
            Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, Queries volume information: C:\ VolumeInformation
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_0022F26A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Code function: 0_2_00167DC0 GetUserNameA,GetFileAttributesA,__Mtx_unlock,__Mtx_unlock,CopyFileA,RegOpenKeyExA,RegSetValueExA,GetFileAttributesA,__Mtx_unlock,__Mtx_unlock,CopyFileA
            Source: C:\Users\user\Desktop\LisectAVT_2403002A_191.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match, File source: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara match, File source: 00000007.00000003.2062288442.0000000004820000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000003.2182605884.0000000004820000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000A.00000002.3274056165.0000000000571000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000003.2061020285.0000000004640000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000A.00000003.2264006131.0000000004450000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000003.2033248421.0000000004720000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
            Source: Yara match, File source: Process Memory Space: LisectAVT_2403002A_191.exe PID: 2696, type: MEMORYSTR
            Source: Yara match, File source: Process Memory Space: MPGPH131.exe PID: 3448, type: MEMORYSTR
            Source: Yara match, File source: Process Memory Space: MPGPH131.exe PID: 7120, type: MEMORYSTR
            Source: Yara match, File source: Process Memory Space: RageMP131.exe PID: 1876, type: MEMORYSTR
            Source: Yara match, File source: Process Memory Space: RageMP131.exe PID: 2408, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match, File source: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara match, File source: 00000007.00000003.2062288442.0000000004820000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000003.2182605884.0000000004820000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000A.00000002.3274056165.0000000000571000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000003.2061020285.0000000004640000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
            Source: Yara match, File source: 0000000A.00000003.2264006131.0000000004450000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000003.2033248421.0000000004720000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
            Source: Yara match, File source: Process Memory Space: LisectAVT_2403002A_191.exe PID: 2696, type: MEMORYSTR
            Source: Yara match, File source: Process Memory Space: MPGPH131.exe PID: 3448, type: MEMORYSTR
            Source: Yara match, File source: Process Memory Space: MPGPH131.exe PID: 7120, type: MEMORYSTR
            Source: Yara match, File source: Process Memory Space: RageMP131.exe PID: 1876, type: MEMORYSTR
            Source: Yara match, File source: Process Memory Space: RageMP131.exe PID: 2408, type: MEMORYSTR
            MITRE ATT&CK Matrix

            Techniques listed per tactic column, in the order the matrix shows them. A number in parentheses is the count badge the report attaches to that technique, reproduced as shown.

            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
            Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
            Execution: Command and Scripting Interpreter (3); Scheduled Task/Job (1); Native API (1); Cron; Launchd; Scheduled Task; Systemd Timers
            Persistence: Scheduled Task/Job (1); Registry Run Keys / Startup Folder (1); DLL Side-Loading (1); Login Hook; Network Logon Script; RC Scripts; Startup Items
            Privilege Escalation: Process Injection (1); Scheduled Task/Job (1); Registry Run Keys / Startup Folder (1); DLL Side-Loading (1); Network Logon Script; RC Scripts; Startup Items
            Defense Evasion: Masquerading (1); Virtualization/Sandbox Evasion (2); Process Injection (1); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (3); Software Packing (12); DLL Side-Loading (1)
            Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
            Discovery: System Time Discovery (1); Security Software Discovery (311); Virtualization/Sandbox Evasion (2); Application Window Discovery (1); Account Discovery (1); System Owner/User Discovery (1); System Information Discovery (233)
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
            Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
            Command and Control: Encrypted Channel (1); Non-Standard Port (1); Ingress Tool Transfer (1); Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
            Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery
Behavior Graph ID: 1482443 | Sample: LisectAVT_2403002A_191.exe | Start date: 25/07/2024 | Architecture: WINDOWS | Score: 100

Top-level signatures:
• Antivirus / Scanner detection for submitted sample
• Yara detected RisePro Stealer
• Connects to many ports of the same IP (likely port scanning)
• 2 other signatures

Processes started: LisectAVT_2403002A_191.exe, MPGPH131.exe, RageMP131.exe, 2 other processes

LisectAVT_2403002A_191.exe
• DNS/IP: 193.233.132.62 (FREE-NET-ASFREEnetEU, Russian Federation), ports 49704, 49705, 49706 (in the packet list below these are the local ports of the sessions; the remote port is 58709 throughout)
• Dropped: C:\Users\user\AppData\Local\...\RageMP131.exe (PE32); C:\ProgramData\MPGPH131\MPGPH131.exe (PE32); C:\Users\...\RageMP131.exe:Zone.Identifier (ASCII); C:\...\MPGPH131.exe:Zone.Identifier (ASCII)
• Signatures: Detected unpacking (changes PE section rights); Uses schtasks.exe or at.exe to add and modify task schedules; Tries to evade debugger and weak emulator (self modifying code)
• Started: schtasks.exe (two instances), each with a conhost.exe child

MPGPH131.exe
• Signatures: Antivirus detection for dropped file; Tries to detect virtualization through RDTSC time measurements; Tries to detect sandboxes / dynamic malware analysis system (registry check)

Initial sample:
Source | Detection | Scanner | Label
LisectAVT_2403002A_191.exe | 100% | Avira | TR/AD.Nekark.cxjdy

Dropped files:
Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | 100% | Avira | TR/AD.Nekark.cxjdy
C:\ProgramData\MPGPH131\MPGPH131.exe | 100% | Avira | TR/AD.Nekark.cxjdy
            No Antivirus matches
            No Antivirus matches
URLs:
Source | Detection | Scanner | Label
http://www.winimage.com/zLibDll | 0% | URL Reputation | safe
https://ipinfo.io/ | 0% | URL Reputation | safe
https://t.me/RiseProSUPPORT | 0% | Avira URL Cloud | safe
https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll | 0% | Avira URL Cloud | safe
https://www.maxmind.com/en/locate-my-ip-address | 0% | Avira URL Cloud | safe
            No contacted domains info
URLs found in memory or binary data (Name, Source, Malicious, Antivirus Detection, Reputation):

Name:https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll
Source:LisectAVT_2403002A_191.exe, 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp; LisectAVT_2403002A_191.exe, 00000000.00000003.2033248421.0000000004720000.00000004.00001000.00020000.00000000.sdmp; MPGPH131.exe, 00000006.00000003.2061020285.0000000004640000.00000004.00001000.00020000.00000000.sdmp; MPGPH131.exe, 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp; MPGPH131.exe, 00000007.00000003.2062288442.0000000004820000.00000004.00001000.00020000.00000000.sdmp; MPGPH131.exe, 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp; RageMP131.exe, 00000008.00000003.2182605884.0000000004820000.00000004.00001000.00020000.00000000.sdmp; RageMP131.exe, 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp; RageMP131.exe, 0000000A.00000002.3274056165.0000000000571000.00000040.00000001.01000000.00000005.sdmp; RageMP131.exe, 0000000A.00000003.2264006131.0000000004450000.00000004.00001000.00020000.00000000.sdmp
Malicious:false
Antivirus Detection:Avira URL Cloud: safe
Reputation:unknown

Name:http://www.winimage.com/zLibDll
Source:MPGPH131.exe; MPGPH131.exe, 00000007.00000003.2062288442.0000000004820000.00000004.00001000.00020000.00000000.sdmp; MPGPH131.exe, 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp; RageMP131.exe; RageMP131.exe, 00000008.00000003.2182605884.0000000004820000.00000004.00001000.00020000.00000000.sdmp; RageMP131.exe, 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp; RageMP131.exe, 0000000A.00000002.3274056165.0000000000571000.00000040.00000001.01000000.00000005.sdmp; RageMP131.exe, 0000000A.00000003.2264006131.0000000004450000.00000004.00001000.00020000.00000000.sdmp
Malicious:false
Antivirus Detection:URL Reputation: safe
Reputation:unknown

Name:https://t.me/RiseProSUPPORT
Source:LisectAVT_2403002A_191.exe, 00000000.00000002.3275956463.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp; MPGPH131.exe, 00000006.00000002.3274032651.000000000076D000.00000004.00000020.00020000.00000000.sdmp; MPGPH131.exe, 00000007.00000002.3274228386.0000000000A08000.00000004.00000020.00020000.00000000.sdmp; RageMP131.exe, 00000008.00000002.3275956134.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp; RageMP131.exe, 0000000A.00000002.3275957814.0000000000B0C000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
Antivirus Detection:Avira URL Cloud: safe
Reputation:unknown

Name:https://ipinfo.io/
Source:MPGPH131.exe, RageMP131.exe
Malicious:false
Antivirus Detection:URL Reputation: safe
Reputation:unknown

Name:https://www.maxmind.com/en/locate-my-ip-address
Source:MPGPH131.exe, RageMP131.exe
Malicious:false
Antivirus Detection:Avira URL Cloud: safe
Reputation:unknown
IP | Domain | Country | ASN | ASN Name | Malicious
193.233.132.62 | unknown | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | true
            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1482443
            Start date and time:2024-07-25 23:02:46 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 7m 33s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:13
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:LisectAVT_2403002A_191.exe
            Detection:MAL
            Classification:mal100.troj.evad.winEXE@11/5@0/1
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:Failed
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report creation exceeded the maximum time and may be missing disassembly code information
• Report size exceeded the maximum capacity and may be missing disassembly code
            • VT rate limit hit for: LisectAVT_2403002A_191.exe
Time | Type | Description
17:04:05 | API Interceptor | 2288555x Sleep call for process: LisectAVT_2403002A_191.exe modified
17:04:08 | API Interceptor | 4773x Sleep call for process: MPGPH131.exe modified
17:04:20 | API Interceptor | 1790028x Sleep call for process: RageMP131.exe modified
23:03:37 | Task Scheduler | Run new task: MPGPH131 HR path: C:\ProgramData\MPGPH131\MPGPH131.exe
23:03:37 | Task Scheduler | Run new task: MPGPH131 LG path: C:\ProgramData\MPGPH131\MPGPH131.exe
23:03:41 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run RageMP131 C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
23:03:49 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run RageMP131 C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
Match | Associated Sample Name / URL | Detection | Threat Name | Context
193.233.132.62 | SecuriteInfo.com.Win32.PWSX-gen.14899.4987.exe | malicious | Amadey, RisePro Stealer | 193.233.132.62:57893/hera/amadka.exe
193.233.132.62 | SecuriteInfo.com.Win32.PWSX-gen.580.27252.exe | malicious | Amadey, RisePro Stealer | 193.233.132.62:57893/hera/amadka.exe
193.233.132.62 | SecuriteInfo.com.Win32.PWSX-gen.15960.19323.exe | malicious | Amadey, RisePro Stealer | 193.233.132.62:57893/hera/amadka.exe
193.233.132.62 | 9iz0QM9rMM.exe | malicious | Amadey, RisePro Stealer | 193.233.132.62:57893/hera/amadka.exe
193.233.132.62 | 4fMLTRkOfB.exe | malicious | Amadey, RisePro Stealer | 193.233.132.62:57893/hera/amadka.exe
193.233.132.62 | q7a5JOlhLZ.exe | malicious | Amadey, RisePro Stealer | 193.233.132.62:57893/hera/amadka.exe
193.233.132.62 | 7jv1U7CgKF.exe | malicious | Amadey, RisePro Stealer | 193.233.132.62:57893/hera/amadka.exe
193.233.132.62 | file.exe | malicious | Amadey, RisePro Stealer | 193.233.132.62:57893/hera/amadka.exe
193.233.132.62 | SecuriteInfo.com.Win32.PWSX-gen.10022.32492.exe | malicious | Amadey, RisePro Stealer | 193.233.132.62:57893/hera/amadka.exe
193.233.132.62 | file.exe | malicious | Amadey, RisePro Stealer | 193.233.132.62:57893/hera/amadka.exe
            No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
FREE-NET-ASFREEnetEU | LisectAVT_2403002A_218.exe | malicious | RisePro Stealer | 193.233.132.74
FREE-NET-ASFREEnetEU | LisectAVT_2403002A_228.exe | malicious | RisePro Stealer | 193.233.132.74
FREE-NET-ASFREEnetEU | LisectAVT_2403002A_30.exe | malicious | Amadey | 193.233.132.56
FREE-NET-ASFREEnetEU | LisectAVT_2403002A_33.exe | malicious | Amadey | 193.233.132.56
FREE-NET-ASFREEnetEU | LisectAVT_2403002A_376.exe | malicious | RisePro Stealer | 193.233.132.74
FREE-NET-ASFREEnetEU | LisectAVT_2403002A_389.exe | malicious | Amadey | 193.233.132.56
FREE-NET-ASFREEnetEU | LisectAVT_2403002A_419.exe | malicious | RisePro Stealer | 193.233.132.67
FREE-NET-ASFREEnetEU | LisectAVT_2403002A_419.exe | malicious | RisePro Stealer | 193.233.132.67
FREE-NET-ASFREEnetEU | LisectAVT_2403002A_464.exe | malicious | RisePro Stealer | 193.233.132.109
FREE-NET-ASFREEnetEU | LisectAVT_2403002A_464.exe | malicious | RisePro Stealer | 193.233.132.109
            No context
            No context
            Process:C:\Users\user\Desktop\LisectAVT_2403002A_191.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):3159050
            Entropy (8bit):6.660609566905349
            Encrypted:false
            SSDEEP:49152:cCq+iwUDIvKCdNlxk6FXA773bojmr2qjZfWP+cxNgK:c3kyCjXk6FXA3304jYpx
            MD5:96A48D844EA7BAAE454FE84845E1E581
            SHA1:77F0819007790EEF6ECD0EC1BE0E49669132AD3D
            SHA-256:DD43FBAAA8A894E08AA200E56C01DEA30C346356440C4373082F25F7BE4C3154
            SHA-512:386E0B8DEEDDD1F66ABA2511D3AE62097B37A4E1703595F5107619FCC75985EC30A896BB6B003331086A032A7DA27FC695985A504E2677C47BB788E3B6B0A94E
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            Reputation:low
            Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$......."...f.{Tf.{Tf.{T-.xUk.{T-.~U..{T-.|Ug.{T)..Tb.{T)..Ut.{T).xUq.{T).~U3.{T-..U..{T-.}Ug.{T-.zU}.{Tf.zT@.{T..rUz.{T..{Ug.{T...Tg.{Tf..Tg.{T..yUg.{TRichf.{T................PE..L....b.e...............".....0........:...........@...........................:.....$.0...@.........................l.:.L...m...........X+.......................................................................................................... . .p..........................@....rsrc...X+.......,..................@....idata .............B..............@...wnjuhnsz..&.......&..D..............@...unhxerdt......:.......0.............@....taggant.0....:.."....0.............@...........................................................................................................................................................................................................................
            Process:C:\Users\user\Desktop\LisectAVT_2403002A_191.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:true
            Reputation:high, very likely benign file
            Preview:[ZoneTransfer]....ZoneId=0
            Process:C:\Users\user\Desktop\LisectAVT_2403002A_191.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):3159050
            Entropy (8bit):6.660609566905349
            Encrypted:false
            SSDEEP:49152:cCq+iwUDIvKCdNlxk6FXA773bojmr2qjZfWP+cxNgK:c3kyCjXk6FXA3304jYpx
            MD5:96A48D844EA7BAAE454FE84845E1E581
            SHA1:77F0819007790EEF6ECD0EC1BE0E49669132AD3D
            SHA-256:DD43FBAAA8A894E08AA200E56C01DEA30C346356440C4373082F25F7BE4C3154
            SHA-512:386E0B8DEEDDD1F66ABA2511D3AE62097B37A4E1703595F5107619FCC75985EC30A896BB6B003331086A032A7DA27FC695985A504E2677C47BB788E3B6B0A94E
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            Reputation:low
            Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$......."...f.{Tf.{Tf.{T-.xUk.{T-.~U..{T-.|Ug.{T)..Tb.{T)..Ut.{T).xUq.{T).~U3.{T-..U..{T-.}Ug.{T-.zU}.{Tf.zT@.{T..rUz.{T..{Ug.{T...Tg.{Tf..Tg.{T..yUg.{TRichf.{T................PE..L....b.e...............".....0........:...........@...........................:.....$.0...@.........................l.:.L...m...........X+.......................................................................................................... . .p..........................@....rsrc...X+.......,..................@....idata .............B..............@...wnjuhnsz..&.......&..D..............@...unhxerdt......:.......0.............@....taggant.0....:.."....0.............@...........................................................................................................................................................................................................................
            Process:C:\Users\user\Desktop\LisectAVT_2403002A_191.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:3:ggPYV:rPYV
            MD5:187F488E27DB4AF347237FE461A079AD
            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
            Malicious:true
            Reputation:high, very likely benign file
            Preview:[ZoneTransfer]....ZoneId=0
            Process:C:\Users\user\Desktop\LisectAVT_2403002A_191.exe
            File Type:ASCII text, with no line terminators
            Category:modified
            Size (bytes):13
            Entropy (8bit):2.8731406795131336
            Encrypted:false
            SSDEEP:3:LEjGQ:qH
            MD5:6794D6F401187368B9107C6CBBFF2249
            SHA1:20F399AFFEF237E4E91E746018168D08C10C6401
            SHA-256:0D84C2CDE76B80BF231C58D25614898CA0002012EA001D6B4204C88B8CE7F3C5
            SHA-512:9CEA1EED41A1B1B403B0837FCE258ECB572207DB42041031739D90E52E59BB8F2450C45CD427C640B249F6C0C8F30B8313D35E888AE7E2CA3341C2B5D29B2BDD
            Malicious:false
            Reputation:low
            Preview:1721945193265
            File type:PE32 executable (GUI) Intel 80386, for MS Windows
            Entropy (8bit):6.660609566905349
            TrID:
            • Win32 Executable (generic) a (10002005/4) 99.96%
            • Generic Win/DOS Executable (2004/3) 0.02%
            • DOS Executable Generic (2002/1) 0.02%
            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
            File name:LisectAVT_2403002A_191.exe
            File size:3'159'050 bytes
            MD5:96a48d844ea7baae454fe84845e1e581
            SHA1:77f0819007790eef6ecd0ec1be0e49669132ad3d
            SHA256:dd43fbaaa8a894e08aa200e56c01dea30c346356440c4373082f25f7be4c3154
            SHA512:386e0b8deeddd1f66aba2511d3ae62097b37a4e1703595f5107619fcc75985ec30a896bb6b003331086a032a7da27fc695985a504e2677c47bb788e3b6b0a94e
            SSDEEP:49152:cCq+iwUDIvKCdNlxk6FXA773bojmr2qjZfWP+cxNgK:c3kyCjXk6FXA3304jYpx
            TLSH:D7E55A91A90CB2CFD48A277C952BCD52595D43B8572019C79E2E78BA7DB3CC112BEC28
            File Content Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$......."...f.{Tf.{Tf.{T-.xUk.{T-.~U..{T-.|Ug.{T)..Tb.{T)..Ut.{T).xUq.{T).~U3.{T-..U..{T-.}Ug.{T-.zU}.{Tf.zT@.{T..rUz.{T..{Ug.{T...Tg.{
            Icon Hash:c769eccc64f6e2bb
            Entrypoint:0x7aa000
            Entrypoint Section:.taggant
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
            DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
            Time Stamp:0x65FD62AE [Fri Mar 22 10:51:26 2024 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:6
            OS Version Minor:0
            File Version Major:6
            File Version Minor:0
            Subsystem Version Major:6
            Subsystem Version Minor:0
            Import Hash:baa93d47220682c04d92f7797d9224ce
            Instruction
            jmp 00007F57B87B706Ah
            movlps xmm6, qword ptr [eax]
            add byte ptr [eax], al
            add byte ptr [eax], al
            add cl, ch
            add byte ptr [eax], ah
            add byte ptr [eax], al
            add byte ptr [esi], al
            or al, byte ptr [eax]
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], dh
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [edi], bl
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [ecx], ah
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], cl
            add byte ptr [eax], 00000000h
            add byte ptr [eax], al
            add byte ptr [eax], al
            adc byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            push es
            or al, byte ptr [eax]
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], dh
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax+eax], bl
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add dword ptr [eax+00000000h], eax
            add byte ptr [eax], al
            adc byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add dword ptr [edx], ecx
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            inc eax
            or al, byte ptr [eax]
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [ecx], al
            add byte ptr [eax], 00000000h
            add byte ptr [eax], al
            add byte ptr [eax], al
            adc byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            push es
            or al, byte ptr [eax]
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], dh
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add al, 00h
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [ecx], al
            add byte ptr [eax], 00000000h
            add byte ptr [eax], al
            add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3a8a6c | 0x4c | wnjuhnsz
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x13b06d | 0x95 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x138000 | 0x2b58 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x13b1f8 | 0x8 | .idata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
(unnamed) | 0x1000 | 0x137000 | 0x90600 | 680f70ec36b50494e59d99899763ca27 | False | 0.9990733225108225 | data | 7.984907273726197 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x138000 | 0x2b58 | 0x2c00 | b606861556e06d174e42b11831f5e5db | False | 0.22487571022727273 | data | 3.9665421773066165 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x13b000 | 0x1000 | 0x200 | 37f5282c0fa356b1e50be5becbf91e72 | False | 0.181640625 | data | 1.3087225765280863 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
wnjuhnsz | 0x13c000 | 0x26d000 | 0x26cc00 | 1caad884f8d3adccaefc823da1665b91 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
unhxerdt | 0x3a9000 | 0x1000 | 0x200 | ec77134026abc595ad2a3aff08893bbf | False | 0.484375 | data | 3.8006430756371983 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant | 0x3aa000 | 0x3000 | 0x2200 | 5b6b5243b69d9baf5593d1f0406b403b | False | 0.06950827205882353 | DOS executable (COM) | 0.7178443537062317 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
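The section table, the entry point at 0x7aa000 inside .taggant (image base 0x400000) and the "Entry point lies outside standard sections", "PE file contains sections with non-standard names" and "Detected unpacking (changes PE section rights)" signatures can all be re-derived from the PE headers without running the sample. The following Python is an added example, not Joe Sandbox's code: it builds a constructed PE32 image whose section names, RVAs, virtual sizes and characteristics follow the table above (raw sizes and raw contents are stand-ins; the unnamed first section is filled with pseudo-random bytes to mimic its 7.98 entropy), then parses the headers back and runs the checks. The 7.0 entropy threshold and the list of names treated as "standard" are the example's own assumptions.

```python
"""Static PE32 section triage (added example; not Joe Sandbox's code).

Re-derives three indicators the report raises from the headers alone: the
entry point sitting outside the standard sections, sections with non-standard
names, and sections mapped read+write+execute, plus a per-section entropy
estimate. The image is CONSTRUCTED to mirror the report's section layout.
"""
import hashlib
import math
import struct
from collections import Counter

IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RWX = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
# Assumption: names a linker normally emits; anything else is treated as packer-generated.
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".bss", ".rsrc", ".idata", ".edata", ".reloc", ".tls", ".pdata", ".CRT"}
HIGH_ENTROPY = 7.0  # assumption: compressed/encrypted data scores above this (8.0 is the maximum)


def shannon_entropy(data):
    """Bits per byte: 0.0 for constant data, approaching 8.0 for compressed or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_pe32(sections, entry_rva, file_align=0x1000):
    """Assemble a minimal PE32 file: DOS header, PE signature, COFF + optional header, section table, raw data."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0x65FD62AE, 0, 0, 224, 0x0102)
    size_of_image = max(s["va"] + s["vsize"] for s in sections)
    opt = struct.pack("<HBBIIIIII", 0x10B, 14, 0, 0, 0, 0, entry_rva, 0, 0)  # PE32 magic ... AddressOfEntryPoint
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII",
                       0x400000, 0x1000, file_align,     # image base, section alignment, file alignment
                       6, 0, 0, 0, 6, 0,                 # OS, image and subsystem versions
                       0, size_of_image, file_align, 0,  # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                       2, 0x8140,                        # GUI subsystem; DYNAMIC_BASE | TERMINAL_SERVER_AWARE
                       0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\x00" * 128                                  # 16 empty data directories
    table, body, raw_ptr = b"", b"", file_align
    for s in sections:
        raw = s["raw"].ljust(file_align, b"\x00")[:file_align]
        table += struct.pack("<8sIIIIIIHHI", s["name"].encode().ljust(8, b"\x00"),
                             s["vsize"], s["va"], len(raw), raw_ptr, 0, 0, 0, 0, s["flags"])
        body += raw
        raw_ptr += len(raw)
    return (dos + coff + opt + table).ljust(file_align, b"\x00") + body


def parse_pe32(image):
    """Return (entry point RVA, list of section dicts) read back from a PE32 image."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[:2] != b"MZ" or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    num_sections = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    if struct.unpack_from("<H", image, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    entry_rva = struct.unpack_from("<I", image, opt + 16)[0]
    sections = []
    for i in range(num_sections):
        name, vsize, va, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", image, opt + size_opt + 40 * i)
        raw = image[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\x00").decode("ascii", "replace"), "va": va, "vsize": vsize,
                         "rawsize": rawsize, "flags": flags, "entropy": shannon_entropy(raw)})
    return entry_rva, sections


def triage(image):
    """The checks behind the report's static signatures, as a dict of findings."""
    entry_rva, sections = parse_pe32(image)
    ep = next((s for s in sections
               if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["rawsize"])), None)
    return {
        "entry_section": ep["name"] if ep else None,
        "entry_outside_standard": ep is None or ep["name"] not in STANDARD_SECTIONS,
        "nonstandard_names": [s["name"] for s in sections if s["name"] not in STANDARD_SECTIONS],
        "rwx_sections": [s["name"] for s in sections if s["flags"] & RWX == RWX],
        "high_entropy_sections": [s["name"] for s in sections if s["entropy"] >= HIGH_ENTROPY],
    }


def _pseudo_random(n):
    """Deterministic high-entropy filler (SHA-256 in counter mode) standing in for packed code."""
    return b"".join(hashlib.sha256(struct.pack("<I", i)).digest() for i in range(n // 32 + 1))[:n]


INIT, R, W, X = IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_EXECUTE
# CONSTRUCTED layout: names, RVAs, virtual sizes and characteristics follow the report's section table;
# raw contents are stand-ins (the unnamed first section gets pseudo-random bytes like the report's 7.98-entropy one).
CONSTRUCTED_SECTIONS = [
    {"name": "",         "va": 0x001000, "vsize": 0x137000, "flags": INIT | R | W | X, "raw": _pseudo_random(0x1000)},
    {"name": ".rsrc",    "va": 0x138000, "vsize": 0x002B58, "flags": INIT | R | W,     "raw": b"\x00" * 0x1000},
    {"name": ".idata",   "va": 0x13B000, "vsize": 0x001000, "flags": INIT | R | W,     "raw": b"kernel32.dll\x00lstrcpy\x00"},
    {"name": "wnjuhnsz", "va": 0x13C000, "vsize": 0x26D000, "flags": INIT | R | W | X, "raw": b"\x90" * 0x1000},
    {"name": "unhxerdt", "va": 0x3A9000, "vsize": 0x001000, "flags": INIT | R | W | X, "raw": b"\x00" * 0x1000},
    {"name": ".taggant", "va": 0x3AA000, "vsize": 0x003000, "flags": INIT | R | W | X, "raw": b"\xE9" + b"\x00" * 4},
]
ENTRY_RVA = 0x7AA000 - 0x400000  # the report's entry point minus its image base
SAMPLE_IMAGE = build_pe32(CONSTRUCTED_SECTIONS, ENTRY_RVA)

if __name__ == "__main__":
    for key, value in triage(SAMPLE_IMAGE).items():
        print(f"{key}: {value}")
```

The same `triage()` runs unchanged on a real PE32 file read into memory; it only looks at the headers and the raw section bytes, so it is safe to use on a sample without executing it. Note that Joe's table reports `unknown` for the wnjuhnsz section's entropy and ZLIB complexity, so the entropy check here reproduces the first section's result only.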
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x138418 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Russian | Russia | 0.1892116182572614
RT_GROUP_ICON | 0x13a9c0 | 0x14 | data | Russian | Russia | 1.15
RT_VERSION | 0x138130 | 0x2e4 | data | Russian | Russia | 0.4689189189189189
RT_MANIFEST | 0x13a9d8 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL | Import
kernel32.dll | lstrcpy
comctl32.dll | InitCommonControls

Name | Ordinal | Address
Start | 1 | 0x466e80

Language of compilation system | Country where language is spoken
Russian | Russia
English | United States
Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP
2024-07-25T23:03:41.523769+0200 | TCP | 2046269 | ET MALWARE [ANY.RUN] RisePro TCP (Activity) | 49704 | 58709 | 192.168.2.5 | 193.233.132.62
2024-07-25T23:03:57.680324+0200 | TCP | 2046269 | ET MALWARE [ANY.RUN] RisePro TCP (Activity) | 49707 | 58709 | 192.168.2.5 | 193.233.132.62
2024-07-25T23:03:56.303473+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49708 | 20.12.23.50 | 192.168.2.5
2024-07-25T23:04:04.199047+0200 | TCP | 2046269 | ET MALWARE [ANY.RUN] RisePro TCP (Activity) | 62193 | 58709 | 192.168.2.5 | 193.233.132.62
2024-07-25T23:03:43.977143+0200 | TCP | 2046269 | ET MALWARE [ANY.RUN] RisePro TCP (Activity) | 49706 | 58709 | 192.168.2.5 | 193.233.132.62
2024-07-25T23:04:36.902166+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 62194 | 20.12.23.50 | 192.168.2.5
2024-07-25T23:03:38.545862+0200 | TCP | 2049060 | ET MALWARE RisePro TCP Heartbeat Packet | 49704 | 58709 | 192.168.2.5 | 193.233.132.62
2024-07-25T23:03:43.886481+0200 | TCP | 2046269 | ET MALWARE [ANY.RUN] RisePro TCP (Activity) | 49705 | 58709 | 192.168.2.5 | 193.233.132.62
2024-07-25T23:03:40.905756+0200 | TCP | 2049060 | ET MALWARE RisePro TCP Heartbeat Packet | 49705 | 58709 | 192.168.2.5 | 193.233.132.62

The RisePro alerts are all on the outbound sessions to 193.233.132.62:58709 and agree with the Yara and behaviour results. The two CVE-2016-2211 alerts are a different matter: they fire on inbound port-443 traffic from 20.12.23.50, an address that appears nowhere else in this report's network data, and on an encrypted TLS stream the content match cannot be confirmed from the packet list below; treat them as unverified rather than as evidence of an exploit attempt.
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jul 25, 2024 23:03:38.533134937 CEST | 49704 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:03:38.538742065 CEST | 58709 | 49704 | 193.233.132.62 | 192.168.2.5
Jul 25, 2024 23:03:38.538855076 CEST | 49704 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:03:38.545861959 CEST | 49704 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:03:38.550720930 CEST | 58709 | 49704 | 193.233.132.62 | 192.168.2.5
Jul 25, 2024 23:03:40.892617941 CEST | 49705 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:03:40.897387028 CEST | 58709 | 49705 | 193.233.132.62 | 192.168.2.5
Jul 25, 2024 23:03:40.897532940 CEST | 49705 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:03:40.905755997 CEST | 49705 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:03:40.910553932 CEST | 58709 | 49705 | 193.233.132.62 | 192.168.2.5
Jul 25, 2024 23:03:40.987210989 CEST | 49706 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:03:40.992033958 CEST | 58709 | 49706 | 193.233.132.62 | 192.168.2.5
Jul 25, 2024 23:03:40.992141008 CEST | 49706 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:03:40.999912024 CEST | 49706 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:03:41.004807949 CEST | 58709 | 49706 | 193.233.132.62 | 192.168.2.5
Jul 25, 2024 23:03:41.523768902 CEST | 49704 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:03:41.528976917 CEST | 58709 | 49704 | 193.233.132.62 | 192.168.2.5
Jul 25, 2024 23:03:43.886481047 CEST | 49705 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:03:43.977143049 CEST | 49706 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:03:44.031444073 CEST | 58709 | 49705 | 193.233.132.62 | 192.168.2.5
Jul 25, 2024 23:03:44.031873941 CEST | 58709 | 49706 | 193.233.132.62 | 192.168.2.5
Jul 25, 2024 23:03:54.668327093 CEST | 49707 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:03:54.673356056 CEST | 58709 | 49707 | 193.233.132.62 | 192.168.2.5
Jul 25, 2024 23:03:54.673453093 CEST | 49707 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:03:54.686794996 CEST | 49707 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:03:54.691967964 CEST | 58709 | 49707 | 193.233.132.62 | 192.168.2.5
Jul 25, 2024 23:03:57.680324078 CEST | 49707 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:03:57.685266972 CEST | 58709 | 49707 | 193.233.132.62 | 192.168.2.5
Jul 25, 2024 23:03:59.935286045 CEST | 58709 | 49704 | 193.233.132.62 | 192.168.2.5
Jul 25, 2024 23:03:59.935421944 CEST | 49704 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:04:01.179078102 CEST | 62193 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:04:01.184530973 CEST | 58709 | 62193 | 193.233.132.62 | 192.168.2.5
Jul 25, 2024 23:04:01.184637070 CEST | 62193 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:04:01.200978994 CEST | 62193 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:04:01.209337950 CEST | 58709 | 62193 | 193.233.132.62 | 192.168.2.5
Jul 25, 2024 23:04:02.258812904 CEST | 58709 | 49705 | 193.233.132.62 | 192.168.2.5
Jul 25, 2024 23:04:02.260868073 CEST | 49705 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:04:02.372454882 CEST | 58709 | 49706 | 193.233.132.62 | 192.168.2.5
Jul 25, 2024 23:04:02.372580051 CEST | 49706 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:04:04.199047089 CEST | 62193 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:04:04.204018116 CEST | 58709 | 62193 | 193.233.132.62 | 192.168.2.5
Jul 25, 2024 23:04:16.081759930 CEST | 58709 | 49707 | 193.233.132.62 | 192.168.2.5
Jul 25, 2024 23:04:16.081835985 CEST | 49707 | 58709 | 192.168.2.5 | 193.233.132.62
Jul 25, 2024 23:04:22.571975946 CEST | 58709 | 62193 | 193.233.132.62 | 192.168.2.5
Jul 25, 2024 23:04:22.572083950 CEST | 62193 | 58709 | 192.168.2.5 | 193.233.132.62
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jul 25, 2024 23:03:59.310553074 CEST | 53 | 55854 | 1.1.1.1 | 192.168.2.5
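The packet lists above are what the "Non-Standard Port" and "Connects to many ports of the same IP" signatures are built on, and they are worth summarising per remote host before trusting either label: every TCP session here goes from a fresh local ephemeral port (49704, 49705, 49706, 49707, 62193) to the same remote port 58709 on 193.233.132.62, and the single UDP datagram is an inbound DNS reply from 1.1.1.1 whose query was excluded from the capture. The block below is an added Python example, not Joe Sandbox code: it parses a constructed, whitespace-separated flow log modelled on these tables (plus one extra port-443 session to a documentation address as a negative case), counts distinct remote ports and client sessions per peer, reports the spacing between session starts and labels each peer. The thresholds, the well-known-port list and the local-network prefix are the example's own assumptions.

```python
"""Per-peer triage of a packet list (added example; not Joe Sandbox code).

For each remote host: which remote ports were contacted, how many client
sessions were opened (a session = first outbound packet on a new local port),
and the gaps between those session starts. The flow log is CONSTRUCTED from the
report's TCP/UDP tables in a whitespace-separated layout; it is not a pcap.
"""
from dataclasses import dataclass
from datetime import datetime

# Assumptions: ports a client normally talks to, and the thresholds used for labelling.
WELL_KNOWN_PORTS = {21, 22, 25, 53, 80, 110, 123, 143, 443, 445, 465, 587, 993, 995, 3389, 8080, 8443}
PORT_SWEEP_THRESHOLD = 10        # distinct remote ports on one host before calling it a sweep
REPEATED_SESSION_THRESHOLD = 3   # sessions to one non-standard port before calling it C2-like

CONSTRUCTED_FLOW_LOG = """\
# timestamp proto src_port dst_port src_ip dst_ip   (constructed from the report's packet tables)
2024-07-25T23:03:38.533 TCP 49704 58709 192.168.2.5 193.233.132.62
2024-07-25T23:03:38.538 TCP 58709 49704 193.233.132.62 192.168.2.5
2024-07-25T23:03:38.545 TCP 49704 58709 192.168.2.5 193.233.132.62
2024-07-25T23:03:40.892 TCP 49705 58709 192.168.2.5 193.233.132.62
2024-07-25T23:03:40.897 TCP 58709 49705 193.233.132.62 192.168.2.5
2024-07-25T23:03:40.987 TCP 49706 58709 192.168.2.5 193.233.132.62
2024-07-25T23:03:40.992 TCP 58709 49706 193.233.132.62 192.168.2.5
2024-07-25T23:03:41.523 TCP 49704 58709 192.168.2.5 193.233.132.62
2024-07-25T23:03:50.000 TCP 49710 443 192.168.2.5 203.0.113.10
2024-07-25T23:03:54.668 TCP 49707 58709 192.168.2.5 193.233.132.62
2024-07-25T23:03:54.673 TCP 58709 49707 193.233.132.62 192.168.2.5
2024-07-25T23:03:59.310 UDP 53 55854 1.1.1.1 192.168.2.5
2024-07-25T23:04:01.179 TCP 62193 58709 192.168.2.5 193.233.132.62
2024-07-25T23:04:01.184 TCP 58709 62193 193.233.132.62 192.168.2.5
2024-07-25T23:04:22.572 TCP 62193 58709 192.168.2.5 193.233.132.62
"""


@dataclass(frozen=True)
class Packet:
    ts: datetime
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def parse_flow_log(text):
    """One Packet per non-comment line; column order is the one in CONSTRUCTED_FLOW_LOG."""
    packets = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, proto, sport, dport, sip, dip = line.split()
        packets.append(Packet(datetime.fromisoformat(ts), proto, sip, int(sport), dip, int(dport)))
    return packets


def summarize_peers(packets, local_prefix="192.168.2."):
    """Group packets by remote host; the first outbound packet on a new local port opens a session."""
    peers = {}
    for p in sorted(packets, key=lambda p: p.ts):
        outbound = p.src_ip.startswith(local_prefix)
        remote_ip = p.dst_ip if outbound else p.src_ip
        remote_port = p.dst_port if outbound else p.src_port
        local_port = p.src_port if outbound else p.dst_port
        peer = peers.setdefault(remote_ip, {"protos": set(), "remote_ports": set(), "session_starts": {},
                                            "first_seen": p.ts, "last_seen": p.ts})
        peer["protos"].add(p.proto)
        peer["remote_ports"].add(remote_port)
        peer["last_seen"] = p.ts
        if outbound and local_port not in peer["session_starts"]:
            peer["session_starts"][local_port] = p.ts
    return peers


def session_gaps(peer):
    """Seconds between consecutive session starts; short, regular gaps suggest a beacon or a multi-session protocol."""
    starts = sorted(peer["session_starts"].values())
    return [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]


def classify(peer):
    """Distinguish a real port sweep from repeated sessions to one unusual port, and both from noise."""
    ports, sessions = peer["remote_ports"], len(peer["session_starts"])
    if len(ports) >= PORT_SWEEP_THRESHOLD:
        return "port-sweep"
    if sessions == 0:
        return "inbound-only"            # e.g. a DNS reply whose query is not in the capture
    if len(ports) == 1 and sessions >= REPEATED_SESSION_THRESHOLD and not ports <= WELL_KNOWN_PORTS:
        return "repeated-sessions-single-nonstandard-port"
    return "unremarkable"


if __name__ == "__main__":
    for ip, peer in summarize_peers(parse_flow_log(CONSTRUCTED_FLOW_LOG)).items():
        print(ip, sorted(peer["remote_ports"]), len(peer["session_starts"]), "sessions",
              [round(g, 3) for g in session_gaps(peer)], classify(peer))
```

Run on this log the C2 address comes out as five sessions to a single non-standard port with gaps of roughly 2.4, 0.1, 13.7 and 6.5 seconds, which is the pattern the report's "many ports" signature is reacting to; a true sweep of many remote ports on one host would be labelled separately.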

            Target ID:0
            Start time:17:03:35
            Start date:25/07/2024
            Path:C:\Users\user\Desktop\LisectAVT_2403002A_191.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\LisectAVT_2403002A_191.exe"
            Imagebase:0x150000
            File size:3'159'050 bytes
            MD5 hash:96A48D844EA7BAAE454FE84845E1E581
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
            • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000000.00000003.2033248421.0000000004720000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
            Reputation:low
            Has exited:false

            Target ID:2
            Start time:17:03:37
            Start date:25/07/2024
            Path:C:\Windows\SysWOW64\schtasks.exe
            Wow64 process (32bit):true
            Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
            Imagebase:0x60000
            File size:187'904 bytes
            MD5 hash:48C2FE20575769DE916F48EF0676A965
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:3
            Start time:17:03:37
            Start date:25/07/2024
            Path:C:\Windows\System32\conhost.exe
            Wow64 process (32bit):false
            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Imagebase:0x7ff6d64d0000
            File size:862'208 bytes
            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:4
            Start time:17:03:37
            Start date:25/07/2024
            Path:C:\Windows\SysWOW64\schtasks.exe
            Wow64 process (32bit):true
            Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
            Imagebase:0x60000
            File size:187'904 bytes
            MD5 hash:48C2FE20575769DE916F48EF0676A965
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:5
            Start time:17:03:37
            Start date:25/07/2024
            Path:C:\Windows\System32\conhost.exe
            Wow64 process (32bit):false
            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Imagebase:0x7ff6d64d0000
            File size:862'208 bytes
            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:6
            Start time:17:03:37
            Start date:25/07/2024
            Path:C:\ProgramData\MPGPH131\MPGPH131.exe
            Wow64 process (32bit):true
            Commandline:C:\ProgramData\MPGPH131\MPGPH131.exe
            Imagebase:0xc80000
            File size:3'159'050 bytes
            MD5 hash:96A48D844EA7BAAE454FE84845E1E581
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000006.00000003.2061020285.0000000004640000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Author: Joe Security
            Antivirus matches:
            • Detection: 100%, Avira
            Reputation:low
            Has exited:false

            Target ID:7
            Start time:17:03:37
            Start date:25/07/2024
            Path:C:\ProgramData\MPGPH131\MPGPH131.exe
            Wow64 process (32bit):true
            Commandline:C:\ProgramData\MPGPH131\MPGPH131.exe
            Imagebase:0xc80000
            File size:3'159'050 bytes
            MD5 hash:96A48D844EA7BAAE454FE84845E1E581
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000007.00000003.2062288442.0000000004820000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Author: Joe Security
            Reputation:low
            Has exited:false

            Target ID:8
            Start time:17:03:49
            Start date:25/07/2024
            Path:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
            Imagebase:0x570000
            File size:3'159'050 bytes
            MD5 hash:96A48D844EA7BAAE454FE84845E1E581
            Has elevated privileges:false
            Has administrator privileges:false
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000008.00000003.2182605884.0000000004820000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security
            Antivirus matches:
            • Detection: 100%, Avira
            Reputation:low
            Has exited:false

            Target ID:10
            Start time:17:03:58
            Start date:25/07/2024
            Path:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
            Imagebase:0x570000
            File size:3'159'050 bytes
            MD5 hash:96A48D844EA7BAAE454FE84845E1E581
            Has elevated privileges:false
            Has administrator privileges:false
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 0000000A.00000002.3274056165.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security
            • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 0000000A.00000003.2264006131.0000000004450000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
            Reputation:low
            Has exited:false
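The schtasks.exe command lines of Target IDs 2 and 4 register two tasks, "MPGPH131 HR" (HOURLY) and "MPGPH131 LG" (ONLOGON), that run C:\ProgramData\MPGPH131\MPGPH131.exe with /rl HIGHEST, and Target IDs 6, 7, 8 and 10 execute files under C:\ProgramData and %LOCALAPPDATA% whose MD5 equals the submitted sample's. The script below is an added example, not Joe Sandbox's code, that extracts both facts from the process records so they can be turned into host IOCs; the user-writable directory markers and the set of recurring triggers are the example's own assumptions.

```python
"""Triage the 'Target ID' process records of a sandbox report.

Added example, not Joe Sandbox code: pulls scheduled-task persistence out of
schtasks.exe command lines and finds where the submitted sample copied itself
(same MD5 at a different path).
"""
import re

# Excerpt of the process records above (Target IDs 0, 2, 4, 6, 8), trimmed to
# the fields this script reads.
REPORT = r"""
Target ID:0
Path:C:\Users\user\Desktop\LisectAVT_2403002A_191.exe
Commandline:"C:\Users\user\Desktop\LisectAVT_2403002A_191.exe"
MD5 hash:96A48D844EA7BAAE454FE84845E1E581

Target ID:2
Path:C:\Windows\SysWOW64\schtasks.exe
Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
MD5 hash:48C2FE20575769DE916F48EF0676A965

Target ID:4
Path:C:\Windows\SysWOW64\schtasks.exe
Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
MD5 hash:48C2FE20575769DE916F48EF0676A965

Target ID:6
Path:C:\ProgramData\MPGPH131\MPGPH131.exe
Commandline:C:\ProgramData\MPGPH131\MPGPH131.exe
MD5 hash:96A48D844EA7BAAE454FE84845E1E581

Target ID:8
Path:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
Commandline:"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
MD5 hash:96A48D844EA7BAAE454FE84845E1E581
"""


def parse_records(text):
    """Split 'Key:Value' lines into one dict per 'Target ID' block."""
    records, current = [], None
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue
        if key == "Target ID":
            current = {"id": int(value)}
            records.append(current)
        elif current is not None:
            current[key] = value
    return records


TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')  # quoted argument or bare token
SWITCHES = {"/tr": "run", "/tn": "name", "/sc": "schedule", "/rl": "runlevel", "/ru": "user"}


def parse_schtasks(cmdline):
    """Return the switches of a 'schtasks /create' command line, else None."""
    tokens = [q or s for q, s in TOKEN_RE.findall(cmdline)]
    if not tokens or tokens[0].lower().rsplit("\\", 1)[-1] not in ("schtasks", "schtasks.exe"):
        return None
    if "/create" not in (t.lower() for t in tokens):
        return None
    task = {}
    for flag, value in zip(tokens, tokens[1:]):
        if flag.lower() in SWITCHES:
            task[SWITCHES[flag.lower()]] = value
    return task


# Assumptions behind the triage: directories a standard user can write to,
# and triggers that make a task fire again without user action.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\local\\", "\\appdata\\roaming\\",
                 "\\users\\public\\", "\\temp\\")
PERSISTENT_TRIGGERS = {"ONLOGON", "ONSTART", "MINUTE", "HOURLY", "DAILY"}


def suspicious_tasks(records):
    """Every schtasks /create seen in the process tree, with the reasons it matters."""
    found = []
    for r in records:
        task = parse_schtasks(r.get("Commandline", ""))
        if task is None:
            continue
        reasons = []
        if any(m in task.get("run", "").lower() for m in USER_WRITABLE):
            reasons.append("task binary in a user-writable directory")
        if task.get("runlevel", "").upper() == "HIGHEST":
            reasons.append("runs with highest privileges")
        if task.get("schedule", "").upper() in PERSISTENT_TRIGGERS:
            reasons.append("recurring trigger " + task["schedule"].upper())
        found.append({"target": r["id"], **task, "reasons": reasons})
    return found


def self_copies(records):
    """Paths other than the submitted sample's that ran a file with its MD5."""
    sample = next(r for r in records if r["id"] == 0)
    digest = sample["MD5 hash"].lower()
    return sorted({r["Path"] for r in records
                   if r.get("MD5 hash", "").lower() == digest and r.get("Path") != sample["Path"]})


if __name__ == "__main__":
    recs = parse_records(REPORT)
    for t in suspicious_tasks(recs):
        print(f"task {t['name']!r} -> {t['run']} ({t['schedule']}, {t.get('runlevel')}): "
              + "; ".join(t["reasons"]))
    print("self-copies:", self_copies(recs))
```

The task names, the two binary paths and the MD5 are what you would feed into a scheduled-task hunt on endpoints; the `/RU "user"` plus `/rl HIGHEST` pair is worth keeping in the output because a task that runs as the interactive user at the highest available integrity level survives a reboot and a logoff without needing a service.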


              Execution Graph

              Execution Coverage:3.7%
              Dynamic/Decrypted Code Coverage:0%
              Signature Coverage:37.8%
              Total number of Nodes:844
              Total number of Limit Nodes:96
execution_graph (rendered graph; its node list was flattened by extraction). Recoverable API call sites, by function start address:
• 0x15a090 with callees 0x239136, 0x23dbdf, 0x234eeb, 0x238be8: SetFilePointerEx, WriteFile, ReadFile, FindCloseChangeNotification (a file read/write routine; FindCloseChangeNotification and CloseHandle resolve to the same kernel32 address, so graph tools usually show CloseHandle calls under this name)
• 0x15a690: GetSystemTimePreciseAsFileTime (via 0x22e812 / __Xtime_get_ticks), GetFileAttributesA (0x15a6bd), __Mtx_unlock
• 0x15af30: GetSystemMetrics ×2
• 0x15b6a0: RegOpenKeyExA (0x15b8d9), RegQueryValueExA (0x15b954), GetCurrentHwProfileA (0x15ba6d), SetupDiGetClassDevsA (0x15bab4): host and hardware profiling
• 0x164100, 0x165498 (×5), 0x1657b8 (×2): GetPEB
• 0x164490: RegOpenKeyExA ×2
• 0x165b90: CreateProcessA (0x165ca6), GetPEB (0x165cd5)
• 0x167dc0: GetUserNameA (0x167ff4), GetSystemTimePreciseAsFileTime, GetFileAttributesA (0x16815b, 0x16874f), CopyFileA (0x16843d, 0x168af4), RegOpenKeyExA (0x16844f), RegSetValueExA (0x168509): copies a file, then writes a registry value
• 0x16e0a0: WSAStartup, socket (0x16e175), connect (0x16e18b), closesocket (0x16e19d), with an edge from closesocket back to socket: reconnect loop
• 0x16f880: Sleep
• 0x151000, 0x151050, 0x152160, 0x22f290, 0x2347b0 and the CRT helpers (__fread_nolock, __dosmaperr, std::_Facet_Register, std::ios_base::_Ios_base_dtor, Concurrency::cancel_current_task): RtlAllocateHeap only
• Summary-only nodes: 0x15c430 (22 API calls), 0x15d892 (20), 0x163aa0 (18), 0x16284f (14), 0x16c0a0 (14), 0x15972e (9), 0x168c58 (9), 0x166689 (9), 0x15b1a0 (9), 0x163f50 (7), 0x155f90 (6), 0x169f50 (5)
34308->34308 34311 166133 34308->34311 34310 167d4e 34309->34310 34482 22e4bb 6 API calls std::locale::_Setgloballocale 34310->34482 34314 1c20e0 2 API calls 34311->34314 34313 167d54 34315 2347b0 RtlAllocateHeap 34313->34315 34319 16615c __fread_nolock 34314->34319 34316 167d59 34315->34316 34483 152270 RtlAllocateHeap RtlAllocateHeap 34316->34483 34318 167d5e 34320 2347b0 RtlAllocateHeap 34318->34320 34322 152ae0 2 API calls 34319->34322 34321 167d81 34320->34321 34321->34225 34323 1661dc 34322->34323 34323->34323 34324 152ae0 2 API calls 34323->34324 34328 166768 std::ios_base::_Ios_base_dtor 34323->34328 34325 166259 34324->34325 34326 1ba480 2 API calls 34325->34326 34327 166273 34326->34327 34334 16629c std::locale::_Init 34327->34334 34469 1c06c0 2 API calls 4 library calls 34327->34469 34328->34328 34329 152ae0 2 API calls 34328->34329 34332 167b4e std::ios_base::_Ios_base_dtor 34328->34332 34330 1667e8 34329->34330 34333 1ba480 2 API calls 34330->34333 34332->34225 34335 166802 34333->34335 34336 22e812 GetSystemTimePreciseAsFileTime 34334->34336 34337 16682b std::locale::_Init 34335->34337 34471 1c06c0 2 API calls 4 library calls 34335->34471 34338 1662f1 34336->34338 34340 22e812 GetSystemTimePreciseAsFileTime 34337->34340 34338->34296 34342 1662fc __Mtx_unlock 34338->34342 34341 16687e 34340->34341 34341->34310 34346 166889 __Mtx_unlock 34341->34346 34342->34300 34343 1663ae 34342->34343 34362 166730 std::ios_base::_Ios_base_dtor 34342->34362 34345 1c20e0 2 API calls 34343->34345 34344 152ae0 2 API calls 34350 1668cb __Mtx_unlock 34344->34350 34347 1663d0 34345->34347 34346->34344 34346->34350 34348 166403 std::locale::_Init 34347->34348 34470 1c06c0 2 API calls 4 library calls 34347->34470 34351 1ba480 2 API calls 34348->34351 34350->34313 34352 166923 std::ios_base::_Ios_base_dtor 34350->34352 34355 1664cd std::ios_base::_Ios_base_dtor 34351->34355 34352->34316 34352->34332 34352->34352 34354 166a0d 34352->34354 34353 1665ac 
std::ios_base::_Ios_base_dtor 34356 1ba770 2 API calls 34353->34356 34358 1c20e0 2 API calls 34354->34358 34355->34302 34355->34353 34357 1665df 34356->34357 34359 15a600 5 API calls 34357->34359 34360 166a2f 34358->34360 34365 1665e4 34359->34365 34361 166a5c std::locale::_Init 34360->34361 34472 1c06c0 2 API calls 4 library calls 34360->34472 34364 1ba480 2 API calls 34361->34364 34362->34307 34362->34328 34368 166b2f std::ios_base::_Ios_base_dtor 34364->34368 34365->34305 34365->34362 34365->34365 34366 166c2a std::ios_base::_Ios_base_dtor 34367 1ba770 2 API calls 34366->34367 34369 166c60 34367->34369 34368->34318 34368->34366 34370 15a600 5 API calls 34369->34370 34374 166c65 __fread_nolock 34370->34374 34371 1ba770 2 API calls 34372 167b49 34371->34372 34373 15a600 5 API calls 34372->34373 34373->34332 34374->34374 34375 152ae0 2 API calls 34374->34375 34410 167ab9 std::ios_base::_Ios_base_dtor 34374->34410 34376 166de3 34375->34376 34377 1be530 2 API calls 34376->34377 34378 166e65 34377->34378 34379 1ba480 2 API calls 34378->34379 34380 166e77 34379->34380 34381 166f18 std::locale::_Init 34380->34381 34473 1c06c0 2 API calls 4 library calls 34380->34473 34383 1ba480 2 API calls 34381->34383 34384 166fec 34383->34384 34385 167087 std::locale::_Init 34384->34385 34474 1c06c0 2 API calls 4 library calls 34384->34474 34387 1ba480 2 API calls 34385->34387 34388 16715d std::ios_base::_Ios_base_dtor 34387->34388 34389 152ae0 2 API calls 34388->34389 34390 167402 34389->34390 34391 165b90 7 API calls 34390->34391 34392 167409 34391->34392 34393 152ae0 2 API calls 34392->34393 34394 1674f3 34393->34394 34395 1be530 2 API calls 34394->34395 34396 167575 34395->34396 34397 1ba480 2 API calls 34396->34397 34398 167587 34397->34398 34399 1675fe std::locale::_Init 34398->34399 34475 1c06c0 2 API calls 4 library calls 34398->34475 34401 1ba480 2 API calls 34399->34401 34402 1676b9 34401->34402 34403 167754 std::locale::_Init 34402->34403 34476 1c06c0 2 API calls 4 library 
calls 34402->34476 34405 1ba480 2 API calls 34403->34405 34406 167821 std::ios_base::_Ios_base_dtor 34405->34406 34407 152ae0 2 API calls 34406->34407 34408 167ab2 34407->34408 34409 165b90 7 API calls 34408->34409 34409->34410 34410->34371 34412 1ba504 34411->34412 34415 1ba514 std::locale::_Init 34412->34415 34484 1c06c0 2 API calls 4 library calls 34412->34484 34414 1ba55a 34414->34163 34415->34163 34485 22ec6a 34416->34485 34418 1640eb __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 34418->34182 34420 23d17b ___std_exception_copy 34419->34420 34492 23cf4a 34420->34492 34422 23d190 34423 2344dc ___std_exception_copy RtlAllocateHeap 34422->34423 34424 169c2a 34423->34424 34424->34194 34425->34132 34426->34162 34427->34143 34428->34188 34429->34214 34430->34218 34431->34232 34432->34236 34442->34254 34444 1ca651 34443->34444 34448 1ca545 34443->34448 34466 152270 RtlAllocateHeap RtlAllocateHeap 34444->34466 34446 1ca656 34467 1521d0 RtlAllocateHeap RtlAllocateHeap Concurrency::cancel_current_task ___std_exception_copy 34446->34467 34449 1ca5a4 34448->34449 34450 1ca5b1 34448->34450 34453 1ca55a 34448->34453 34449->34446 34449->34453 34454 22f290 std::_Facet_Register 2 API calls 34450->34454 34455 1ca56a std::locale::_Init 34450->34455 34451 22f290 std::_Facet_Register 2 API calls 34451->34455 34452 2347b0 RtlAllocateHeap 34456 1ca660 34452->34456 34453->34451 34454->34455 34455->34452 34459 1ca619 std::ios_base::_Ios_base_dtor std::locale::_Init 34455->34459 34457 1ca69e std::ios_base::_Ios_base_dtor 34456->34457 34458 2347b0 RtlAllocateHeap 34456->34458 34457->34273 34460 1ca6c2 34458->34460 34459->34273 34461 1ca6ff std::ios_base::_Ios_base_dtor 34460->34461 34462 2347b0 RtlAllocateHeap 34460->34462 34461->34273 34463 1ca737 34462->34463 34468 1bfa40 RtlAllocateHeap std::ios_base::_Ios_base_dtor 34463->34468 34465 1ca74b 34465->34273 34467->34455 34468->34465 34469->34334 34470->34348 34471->34337 34472->34361 34473->34381 34474->34385 34475->34399 34476->34403 
34484->34414 34488 22f26a 34485->34488 34489 22ec78 34488->34489 34490 22f27b GetSystemTimePreciseAsFileTime 34488->34490 34489->34418 34490->34489 34493 23cf80 34492->34493 34494 23cf58 34492->34494 34493->34422 34494->34493 34495 23cf87 34494->34495 34496 23cf65 34494->34496 34501 23cea3 SetFilePointerEx WriteFile RtlAllocateHeap RtlAllocateHeap __fread_nolock 34495->34501 34500 234723 RtlAllocateHeap ___std_exception_copy __Getctype 34496->34500 34499 23cfbf 34499->34422 34500->34493 34501->34499 34578 164dc9 11 API calls 34649 1603fa 16 API calls 2 library calls 34548 1648e0 16 API calls
              APIs
              • GetUserNameA.ADVAPI32(?,00000104,?,?,?), ref: 00168006
              • GetFileAttributesA.KERNELBASE(?,00000001,?,?,?,?), ref: 0016815D
              • __Mtx_unlock.LIBCPMT ref: 00168186
              • __Mtx_unlock.LIBCPMT ref: 00168195
              • CopyFileA.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,0000005D), ref: 00168442
              • RegOpenKeyExA.KERNELBASE(80000001,83909AA7,00000000,00020006,00000000), ref: 00168500
              • RegSetValueExA.KERNELBASE(00000000,?,00000000,00000001,?,?), ref: 00168537
              • GetFileAttributesA.KERNELBASE(?,00000001,?,?,?,?,?,?), ref: 00168751
              • __Mtx_unlock.LIBCPMT ref: 0016877A
                • Part of subcall function 001C06C0: Concurrency::cancel_current_task.LIBCPMT ref: 001C0807
              • __Mtx_unlock.LIBCPMT ref: 001687D7
              • CopyFileA.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00168AF9
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: FileMtx_unlock$AttributesCopy$Concurrency::cancel_current_taskNameOpenUserValue
              • String ID: $*`'$$*`'$$*tk$'[_+$'[_+.$(ACL$+$+wj'$.$131$@@MC$DH][$I^Z$OFMM$RM[#$\$agnd$bqZP$e`vf$e`vf$ec`v$rnql${~RL
              • API String ID: 816876003-939402308
              • Opcode ID: ee6c1e80e595a4afc3e54e326542825933d1a38f93a603feb971dd43360293de
              • Instruction ID: 274d58b1414f90afee34747ab6c6f423403c766815d596adabdb0d355324fd9a
              • Opcode Fuzzy Hash: ee6c1e80e595a4afc3e54e326542825933d1a38f93a603feb971dd43360293de
              • Instruction Fuzzy Hash: 6E238E70D002599FDB28CF68CC94BEEBBB5AF05304F1482EDD419AB282E7719A95CF51
              APIs
              • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,?,?,?,?), ref: 00165CBF
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: CreateProcess
              • String ID: $*`'$$*`'$$*tk$'[_+$'[_+$(ACL$*$+wj'$.$.$131$@@MC$D$DH][$I^Z$OFMM$RM[#$\$agnd$bqZP$e`vf$e`vf$ec`v$rnql$s@${~RL
              • API String ID: 963392458-2482556880
              • Opcode ID: 6b5086e18f67452b56dded760336a7a574710db14a029cb107653943f2047021
              • Instruction ID: 38715173464d76e32ee256300a92c88d798d2d4294882f6ee55d9cb2c53b8d2d
              • Opcode Fuzzy Hash: 6b5086e18f67452b56dded760336a7a574710db14a029cb107653943f2047021
              • Instruction Fuzzy Hash: 2A237D709042589FDB28CF68CC94BEEBBB5BF09304F1441EDD449AB282E7719A95CF91

              Control-flow Graph (graph data omitted)
              APIs
              • RegOpenKeyExA.KERNELBASE(80000002,A3B0BAA7,00000000,00020019,00000000,999D9BA1,999D9BA2), ref: 0015B947
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: Open
              • String ID: :$_$_$_$`yk$bqZD$cj|n$rnql
              • API String ID: 71445658-3798079816
              • Opcode ID: 28fae63e9fd5e9bee6eb45a7d880bb48bcb52e09aae219b2855d0e8d7ce77e9d
              • Instruction ID: 9137141c0254eb69cbbae805ff4cf1aa5c0c98d550b8c50d0f834c6f566252c1
              • Opcode Fuzzy Hash: 28fae63e9fd5e9bee6eb45a7d880bb48bcb52e09aae219b2855d0e8d7ce77e9d
              • Instruction Fuzzy Hash: EF72C171D04258DFDB18CF68CC94BEEBBB5EF05304F1481A9E419AB282D7719A89CF90
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID: $*`'$$*tk$'[_+$'[_+.$(ACL$+$.$131$DH][$I^Z$OFMM$e`vf
              • API String ID: 0-1209388747
              • Opcode ID: cc435c68bd84bbb6ba14eaf6b3afeb53ffd1a8b83c79fa98e4e958201a406a41
              • Instruction ID: 5c5ab4a90e2e7fe4f624bf7ccf539da960edbff313b3e222a0937e9473a248e6
              • Opcode Fuzzy Hash: cc435c68bd84bbb6ba14eaf6b3afeb53ffd1a8b83c79fa98e4e958201a406a41
              • Instruction Fuzzy Hash: 70B27D709002598FDB28CF68CD987EDBBB5AF09304F1482EDD409AB782D7759A95CF90
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID: $*`'$'[_+$'[_+.$+$.$131$I^Z$e`vf
              • API String ID: 0-728311852
              • Opcode ID: 3eff37bf234a88ddd1eff68da2341dbc572989b4a9446f2cbea68f77888b332c
              • Instruction ID: 85dfc151f6de3812c2fc316faf21c2e270670fe13a0c527df4040196064529df
              • Opcode Fuzzy Hash: 3eff37bf234a88ddd1eff68da2341dbc572989b4a9446f2cbea68f77888b332c
              • Instruction Fuzzy Hash: 6F72AE709002588FDB18CF68DD98BEDBBB5AF45300F2482EDD019AB792D7349A95CF50

              Control-flow Graph

              • Executed
              • Not Executed
              • Function: 16e0a0-16e1d9; API calls: WSAStartup, socket, connect, closesocket; internal call: 156bd0
              APIs
              • WSAStartup.WS2_32 ref: 0016E0CB
              • socket.WS2_32(?,?,?,?,?,?,00287320,?,?,?,?,?,?), ref: 0016E17F
              • connect.WS2_32(00000000,?,00000000,?,?,?,00287320,?,?,?,?,?,?), ref: 0016E193
              • closesocket.WS2_32(00000000), ref: 0016E19E
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: Startupclosesocketconnectsocket
              • String ID:
              • API String ID: 3098855095-0
              • Opcode ID: 4c75ac212ce97357e7c98078e86df2c37009bddafb53578411585979f815ff17
              • Instruction ID: 2997fd772c75da8a057923aa11382d3f3c7bff71278f943cf85c8c1d3586b7b8
              • Opcode Fuzzy Hash: 4c75ac212ce97357e7c98078e86df2c37009bddafb53578411585979f815ff17
              • Instruction Fuzzy Hash: 5031C175605301AFDB209F258C89B2BB7E4EB86734F015F1DF9A8972E0D33198189B92

              Control-flow Graph

              • Executed
              • Not Executed
              • Function: 1ca520-1ca74c; internal calls: 152270, 1521d0, 2347b0, 1b8450, 22f290, 230f70, 22f511, 1bfa40
              APIs
              • Concurrency::cancel_current_task.LIBCPMT ref: 001CA656
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: Concurrency::cancel_current_task
              • String ID: pected $unexpected
              • API String ID: 118556049-356062554
              • Opcode ID: 0e3f9443d5f46b16e1f34f53387d515e59a8d1ad700989359f8fd67a5b5501e7
              • Instruction ID: 3e84e632f30cd0e484ea2416581350ba76caff15530bc389d85880ae96755ce1
              • Opcode Fuzzy Hash: 0e3f9443d5f46b16e1f34f53387d515e59a8d1ad700989359f8fd67a5b5501e7
              • Instruction Fuzzy Hash: 115178725001149FD719EF28EC81B6EB7A5EF54304FA4426DF802CB645DB30ED518BD1

              Control-flow Graph

              • Executed
              • Not Executed
              • Function: 15a690-15a745; API call: GetFileAttributesA; internal calls: 22e812, 22e4bb, 22e823
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: Mtx_unlock$AttributesFile
              • String ID:
              • API String ID: 1886074773-0
              • Opcode ID: 56623f54fcf71438c4adbd401a2daaf74b7be9b25d099c98412ed60230b0491a
              • Instruction ID: 4eae987037ffc0b024cf9b0696cc5fb7e490a31218bc3bb6fbc424d3369ea6fb
              • Opcode Fuzzy Hash: 56623f54fcf71438c4adbd401a2daaf74b7be9b25d099c98412ed60230b0491a
              • Instruction Fuzzy Hash: 83016691AE51207A8C3431743C564BB65088C1332A7AD0B22FD75CE256F703DC28A6D3

              Control-flow Graph

              • Executed
              • Not Executed
              • Function: 15a090-15a439; internal calls: 22f290, 152ae0, 235362, 239136, 234eeb, 1bcf60, 23dbdf, 238be8, 22f511, 2347b0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              • Associated: 00000000.00000002.3273948841.0000000000150000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3273994420.0000000000283000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274236818.0000000000288000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274283719.000000000028B000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274323160.000000000028C000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274361597.0000000000296000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274396915.0000000000297000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274429639.0000000000298000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274675470.00000000003F0000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274714524.00000000003F2000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274752677.000000000040C000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274786613.000000000040E000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274823337.000000000040F000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274823337.0000000000418000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274907968.000000000041C000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274944074.0000000000424000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274985761.000000000042B000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275023903.000000000042C000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275059740.0000000000434000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275097223.0000000000436000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275128687.0000000000445000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275162930.0000000000446000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275200437.000000000044E000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275231050.000000000045A000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275285733.000000000047A000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275313294.000000000047B000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275313294.00000000004B3000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275313294.00000000004B5000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275457739.00000000004E2000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275495333.00000000004E3000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275529663.00000000004E4000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275529663.00000000004EA000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275599620.00000000004F9000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275637680.00000000004FA000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: __fread_nolock
              • String ID:
              • API String ID: 2638373210-0
              • Opcode ID: 24c507cb5ce57e1ba12f096c1645ded9ee734cfdb333e40d78e99a1ad0f2b34d
              • Instruction ID: 247f9a553da6882b64247c8fb9b7ebdae2585617a5b5c01da726145aec099249
              • Opcode Fuzzy Hash: 24c507cb5ce57e1ba12f096c1645ded9ee734cfdb333e40d78e99a1ad0f2b34d
              • Instruction Fuzzy Hash: 4CB126B0910204EFDB18DF68CC45BAEBBE8EF41704F50866DF8199F682D7B49945CB92

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph: rendered graph for the function starting at 244623, which includes a ReadFile call (node and edge data omitted)
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0c900ffc51cd28a70b4fd4abea1118d63c124d67ece04b05c7c8e53c3c997a17
              • Instruction ID: 2cc9b8bbd9fbec88045bf61815f2a093168976042f37cae6e393a5338b2ac24b
              • Opcode Fuzzy Hash: 0c900ffc51cd28a70b4fd4abea1118d63c124d67ece04b05c7c8e53c3c997a17
              • Instruction Fuzzy Hash: C1B11874E24246AFDB19EFA8E844BAEBBB5AF45304F144159E844AB282C770DD61CF50

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph: rendered graph for the function starting at 24549c (node and edge data omitted)
              APIs
              • WriteFile.KERNELBASE(?,00000000,00239087,?,00000000,00000000,00000000,?,00000000,?,0022E5B1,00239087,00000000,0022E5B1,?,?), ref: 00245622
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: FileWrite
              • String ID:
              • API String ID: 3934441357-0
              • Opcode ID: ff83b6f6a64a69dc74f4f79807fa6fe4e1e93a983a5e4bd566eeccf2771ab997
              • Instruction ID: 63bf414471c20d4ca58cf0e11037281e41f848f3054f16dc591b6f9fdf2b8534
              • Opcode Fuzzy Hash: ff83b6f6a64a69dc74f4f79807fa6fe4e1e93a983a5e4bd566eeccf2771ab997
              • Instruction Fuzzy Hash: AE61C671D2452AAFDF19DFA8C844EFEBBBAEF09304F550145E844A7246D371D921CBA0

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph: rendered graph for the function starting at 234942 (node and edge data omitted)
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f639f0507ac4914966abf53ff329dcc99e50620f119ba91d0c0d26ec52794bfd
              • Instruction ID: 6b79af861b1b7702bfcdc34e5a1aae092a8c6f9270c835592cef5a1bb2f78b95
              • Opcode Fuzzy Hash: f639f0507ac4914966abf53ff329dcc99e50620f119ba91d0c0d26ec52794bfd
              • Instruction Fuzzy Hash: BC51F8B0A10108AFDF14EF58CC55AAABFB1EF45314F248199F8499B352D371EE61CB90

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph: rendered graph for the function starting at 1c0560 (node and edge data omitted)
              APIs
              • Concurrency::cancel_current_task.LIBCPMT ref: 001C06AE
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: Concurrency::cancel_current_task
              • String ID:
              • API String ID: 118556049-0
              • Opcode ID: af6713065366bd82e79030144ac7431e9b0eb4b0f2d5a994d3e08bb69875dc56
              • Instruction ID: 7416f9cda4d79f6f98a450abbf74aaa8061eace76bde9728d490e4bcfb72402e
              • Opcode Fuzzy Hash: af6713065366bd82e79030144ac7431e9b0eb4b0f2d5a994d3e08bb69875dc56
              • Instruction Fuzzy Hash: CC41E772A00124DBCB16DF68DD80A6E7BA5AF99350F15026DFC05DB341D730DD619BE1

              Control-flow Graph: function entry 244b12; blocks call 24a6de, 24a64d, 23d208 and FindCloseChangeNotification (rendered graph with executed / not-executed block colouring not reproduced)
              APIs
              • FindCloseChangeNotification.KERNELBASE(00000000,00000000,CF830579,?,002449F9,00000000,CF830579,00281140,0000000C,00244AB5,00238BBD,?), ref: 00244B69
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Yara matches
              Similarity
              • API ID: ChangeCloseFindNotification
              • String ID:
              • API String ID: 2591292051-0
              • Opcode ID: 3d8981baedd9976a097bb0c280cabdd524f639cd14b5df7332e3ceb727a115ca
              • Instruction ID: ec84823d04b65fa8c1b156cb1355f5784935bf908bc09738b799629363de61d2
              • Opcode Fuzzy Hash: 3d8981baedd9976a097bb0c280cabdd524f639cd14b5df7332e3ceb727a115ca
              • Instruction Fuzzy Hash: A3116B33F7412516CB2D7A356849BBE674DCB8277CF2A0609FC049F0C2EE61D8615245

              Control-flow Graph: function entry 23e05c; blocks call 24a6de, SetFilePointerEx and 23d208 (rendered graph with executed / not-executed block colouring not reproduced)
              APIs
              • SetFilePointerEx.KERNELBASE(00000000,00000000,00280DF8,0022E5B1,00000002,0022E5B1,00000000,?,?,?,0023E166,00000000,?,0022E5B1,00000002,00280DF8), ref: 0023E099
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Yara matches
              Similarity
              • API ID: FilePointer
              • String ID:
              • API String ID: 973152223-0
              • Opcode ID: 4005833f9e3455eda50963c67b6e3da2973c6e197b7ff9b1177793ca8b661abf
              • Instruction ID: 25972368966fbf4f2f107a78e089bbb7847e61d398a971be95eaae3a20818a59
              • Opcode Fuzzy Hash: 4005833f9e3455eda50963c67b6e3da2973c6e197b7ff9b1177793ca8b661abf
              • Instruction Fuzzy Hash: CA01267222411AABCF09CF19DC05D9F3B29DB85334F250248FC50AB1D1E6B2E9618BD0

              Control-flow Graph: function entry 22f290; blocks call 23df2c and 2417d8, and the path through 1521d0 calls 1521b0, 230efb and 230651 (rendered graph with executed / not-executed block colouring not reproduced)
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 0015220E
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Yara matches
              Similarity
              • API ID: ___std_exception_copy
              • String ID:
              • API String ID: 2659868963-0
              • Opcode ID: a16a0b60457cde5b7dbdbf4842bcaa9b738185594595c9e96495054b6de03d1d
              • Instruction ID: e91ce039f0f182e76b71a757d55849c176f562a1e839d7907e5ccc788f1168b2
              • Opcode Fuzzy Hash: a16a0b60457cde5b7dbdbf4842bcaa9b738185594595c9e96495054b6de03d1d
              • Instruction Fuzzy Hash: 30012B7652030DFBCB14AFA8F84295A77AC9A01320F508535FE18DB591E770E9748B94

              Control-flow Graph: function entry 2463f3; blocks call 23d23f, RtlAllocateHeap, 243f93 and 2417d8 (rendered graph with executed / not-executed block colouring not reproduced)
              APIs
              • RtlAllocateHeap.NTDLL(00000008,0022D6FA,00000004,?,00245D79,00000001,00000364,00000004,00000007,000000FF,?,0023067B,00000002,00000000,?,?), ref: 00246435
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Yara matches
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0
              • Opcode ID: 9ca49e0b5c3324890463958f9e00f95d4394e967fa3496e0ff3528a61d8fbacd
              • Instruction ID: 4bb94d097a241c5fd248eda6a72f0a8cb2ca432687aff3d5300905d4f6bf4c34
              • Opcode Fuzzy Hash: 9ca49e0b5c3324890463958f9e00f95d4394e967fa3496e0ff3528a61d8fbacd
              • Instruction Fuzzy Hash: 12F08931575125669F396F629C0EB5B7B499F837A4F258011EC04AA581CB70D83146F3

              Control-flow Graph: function entry 246e2d; blocks call 23d23f, RtlAllocateHeap, 243f93 and 2417d8 (rendered graph with executed / not-executed block colouring not reproduced)
              APIs
              • RtlAllocateHeap.NTDLL(00000000,00000004,00000000,?,0023067B,00000002,00000000,?,?,?,0015303D,0022D6FA,00000004,00000000,0022D6FA), ref: 00246E60
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Yara matches
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0
              • Opcode ID: af15f71a298d451be548b0025c99a7f475f3bede0e9bc38d4618d472d80f2a1c
              • Instruction ID: a2ccf6ede60a8c696ae244536fb63346b8b20bd3a6c9e7c0c8de8782395b08c9
              • Opcode Fuzzy Hash: af15f71a298d451be548b0025c99a7f475f3bede0e9bc38d4618d472d80f2a1c
              • Instruction Fuzzy Hash: 84E0ED39371622AAEB382AA5DD08F6B76C88F83BA0F550120EC04964D2CB60C83085A6
              APIs
              • RegCreateKeyExA.ADVAPI32(?,A3B0BAA7,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 00164A3A
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              • Associated: 00000000.00000002.3273948841.0000000000150000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3273994420.0000000000283000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274236818.0000000000288000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274283719.000000000028B000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274323160.000000000028C000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274361597.0000000000296000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274396915.0000000000297000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274429639.0000000000298000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274675470.00000000003F0000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274714524.00000000003F2000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274752677.000000000040C000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274786613.000000000040E000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274823337.000000000040F000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274823337.0000000000418000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274907968.000000000041C000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274944074.0000000000424000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274985761.000000000042B000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275023903.000000000042C000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275059740.0000000000434000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275097223.0000000000436000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275128687.0000000000445000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275162930.0000000000446000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275200437.000000000044E000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275231050.000000000045A000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275285733.000000000047A000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275313294.000000000047B000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275313294.00000000004B3000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275313294.00000000004B5000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275457739.00000000004E2000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275495333.00000000004E3000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275529663.00000000004E4000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275529663.00000000004EA000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275599620.00000000004F9000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275637680.00000000004FA000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: Create
              • String ID: EL{$GGYw$Gx|w$Gx|w$Gx|w$Gx|w$HPUN$K`io$Pdmn$SE[\$Z$ZF$\||~$\||~$\||~$^BZJ$^B[\$b$ckzS$ckzS$ckzS$ckzS$csgf$eb`$erqS$f$fnKh$gqoh$g{ce$g{ce$hqoj$iUZJ$ibkf$ibkf$ibkf$ibkf$ibkf$ilgN$inpN$iugM$j$k$k$kkos$kkos$kqoa$k{ex$k{ex$k{ex$k{ex$k{ex$k}cd$mLdj$nSgb$nak$ndnz$pxub$rnvf$ry{m$ry{m$ry{m$v`$vjrb$wYKn$wYKn$wYKn$wYKn$wYKn$wlii$xdaa$xugm$yp${${be7${be7${be7${beK$|dZ@$|sGB
              • API String ID: 2289755597-3742130022
              • Opcode ID: ca72c2763bcf31178c87331710892e1f93654f88e3d7645461a0d056ca74bb68
              • Instruction ID: 40cde9a6c219f90deb6cb82f6abb52c9638120a9ebcf544c8fd397e20d718d77
              • Opcode Fuzzy Hash: ca72c2763bcf31178c87331710892e1f93654f88e3d7645461a0d056ca74bb68
              • Instruction Fuzzy Hash: F9B28570A14269CFDB28CF48C8A0BAEBBB2FF45704F15808DD5496F292D771AE55CB90
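Added example, not part of the Joe Sandbox report: the dump-region names in the Memory Dump Source list and the RegCreateKeyExA argument list above carry more than they show at a glance. Reading the dotted fields of an .sdmp name as <process index>.<run>.<dump id>.<base address>.<page protection>.<flags>.<region type>.<index> is this example's own assumption (the page does not document the format); the PAGE_* and MEM_* constants it decodes them with are the real winnt.h values, and samDesired 00020006 in the RegCreateKeyExA call is KEY_WRITE (READ_CONTROL | KEY_SET_VALUE | KEY_CREATE_SUB_KEY). The lpSubKey argument is displayed as the bare constant A3B0BAA7 and the record lists no string for it, so the key name is not recoverable from this page; the example only reports what the arguments say.

```python
"""Added example (not code from the Joe Sandbox report): decode the memory-dump
region names and the RegCreateKeyExA access mask from the function record above.

Assumption (not stated on the page): the dotted fields of an .sdmp name are
<process index>.<run>.<dump id>.<base address>.<page protection>.<flags>.
<region type>.<index>.  Protection and region type are interpreted with the
Windows PAGE_* / MEM_* constants from winnt.h."""
import re
from dataclasses import dataclass

PAGE_PROTECT = {  # winnt.h
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
WRITABLE = {0x04, 0x08, 0x40, 0x80}
EXECUTABLE = {0x10, 0x20, 0x40, 0x80}


@dataclass(frozen=True)
class Region:
    proc: int
    run: int
    base: int
    protect: int
    mtype: int

    @property
    def protect_name(self) -> str:
        return PAGE_PROTECT.get(self.protect & 0xFF, f"0x{self.protect:X}")

    @property
    def mtype_name(self) -> str:
        return MEM_TYPE.get(self.mtype, f"0x{self.mtype:X}")

    @property
    def is_wx(self) -> bool:
        p = self.protect & 0xFF  # drop PAGE_GUARD / PAGE_NOCACHE modifier bits
        return p in WRITABLE and p in EXECUTABLE


def parse_sdmp(name: str) -> Region:
    parts = name.strip().split(".")
    if len(parts) != 9 or parts[-1].lower() != "sdmp":
        raise ValueError(f"not a Joe Sandbox dump name: {name!r}")
    proc, run, _dump_id, base, protect, _flags, mtype, _idx, _ext = parts
    return Region(int(proc, 16), int(run, 16), int(base, 16), int(protect, 16), int(mtype, 16))


def wx_regions(names):
    """Regions that are both writable and executable in the post-execution dump."""
    return [r for r in map(parse_sdmp, names) if r.is_wx]


KEY_RIGHTS = [  # winreg.h / winnt.h; READ_CONTROL is the STANDARD_RIGHTS_* bit in KEY_READ and KEY_WRITE
    (0x00020000, "READ_CONTROL"),
    (0x00000001, "KEY_QUERY_VALUE"), (0x00000002, "KEY_SET_VALUE"),
    (0x00000004, "KEY_CREATE_SUB_KEY"), (0x00000008, "KEY_ENUMERATE_SUB_KEYS"),
    (0x00000010, "KEY_NOTIFY"), (0x00000020, "KEY_CREATE_LINK"),
    (0x00000100, "KEY_WOW64_64KEY"), (0x00000200, "KEY_WOW64_32KEY"),
]
KEY_COMPOSITE = {0x20006: "KEY_WRITE", 0x20019: "KEY_READ", 0xF003F: "KEY_ALL_ACCESS"}


def decode_key_access(mask: int):
    """Return (composite name or None, list of individual rights) for a registry access mask."""
    return KEY_COMPOSITE.get(mask), [n for bit, n in KEY_RIGHTS if mask & bit]


API_CALL = re.compile(r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")


def parse_api_call(line: str):
    """Split a Joe Sandbox 'Api.Module(args), ref: addr' line into its parts."""
    m = API_CALL.search(line)
    if not m:
        raise ValueError(f"no API call in {line!r}")
    return m["api"], m["mod"], [a.strip() for a in m["args"].split(",")], m["ref"]


def reg_create_key_summary(line: str) -> dict:
    """RegCreateKeyExA(hKey, lpSubKey, Reserved, lpClass, dwOptions, samDesired, lpSecAttr, phkResult, lpdwDisposition)."""
    api, _mod, args, ref = parse_api_call(line)
    if api != "RegCreateKeyExA" or len(args) < 6:
        raise ValueError("not a RegCreateKeyExA call")
    composite, rights = decode_key_access(int(args[5], 16))
    return {"ref": ref, "subkey_arg": args[1], "sam_desired": composite or "|".join(rights), "rights": rights}


# Constructed input: a subset of the region names and the API line copied from the record above.
SAMPLE_DUMPS = [
    "00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp",
    "00000000.00000002.3273948841.0000000000150000.00000004.00000001.01000000.00000003.sdmp",
    "00000000.00000002.3274236818.0000000000288000.00000008.00000001.01000000.00000003.sdmp",
    "00000000.00000002.3274283719.000000000028B000.00000004.00000001.01000000.00000003.sdmp",
    "00000000.00000002.3274361597.0000000000296000.00000080.00000001.01000000.00000003.sdmp",
    "00000000.00000002.3274675470.00000000003F0000.00000040.00000001.01000000.00000003.sdmp",
]
SAMPLE_CALL = "• RegCreateKeyExA.ADVAPI32(?,A3B0BAA7,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 00164A3A"

if __name__ == "__main__":
    for r in map(parse_sdmp, SAMPLE_DUMPS):
        print(f"{r.base:#010x} {r.protect_name:24} {r.mtype_name:12} W+X={r.is_wx}")
    print(reg_create_key_summary(SAMPLE_CALL))
```

Run against the full list above, every region with protection 00000040 or 00000080 comes back writable and executable and every region is MEM_IMAGE (the dump is "based on PE: true"), which is consistent with the "changes PE section rights" signature in the overview. The access-mask decoder is general: it works on the samDesired of any RegOpenKeyEx/RegCreateKeyEx line in the report, not just this one.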
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: Mtx_unlock
              • String ID: $*`'$$*`'$$*tk$'[_+$'[_+$(ACL$*$+wj'$.$.$@@MC$DH][$I^Z$OFMM$RM[#$\$e`vf$e`vf
              • API String ID: 1418687624-1120457843
              • Opcode ID: 1fe3182b30f9b3c49179eab06f3ca725b74aa9c156482842247108348d89750a
              • Instruction ID: cab98e79b091a6158f378f126962dd14505374873736759fb9ba2146a9bb5623
              • Opcode Fuzzy Hash: 1fe3182b30f9b3c49179eab06f3ca725b74aa9c156482842247108348d89750a
              • Instruction Fuzzy Hash: FED26A709042588FDB69CF68CC987EDBBB1BF09304F1482E9D449AB382D7719A95CF91
              APIs
              • WriteProcessMemory.KERNEL32(00000000,00000000,?,00000218,00000000,00284D8C,0000000E,0000003A,?), ref: 0016A1BC
              • WriteProcessMemory.KERNEL32(00256605,00000218,00169E30,00000110,00000000), ref: 0016A1DB
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: MemoryProcessWrite
              • String ID: $$%s|%s$,$,$.$.$131$:$arqt$er$irvl$type must be boolean, but is $v|$|N($|N(
              • API String ID: 3559483778-1803285617
              • Opcode ID: 625893b1ace850b64b83fa6388c8808b014df653ce8c51424a8b3a4af482a9b4
              • Instruction ID: fa29122055b65e75841f174f69c1ed793287837b045ed6354fe89742c10742d1
              • Opcode Fuzzy Hash: 625893b1ace850b64b83fa6388c8808b014df653ce8c51424a8b3a4af482a9b4
              • Instruction Fuzzy Hash: 8723CF70D042588FDB28DF68CD98BEDBBB4EF15304F148199E449AB292DB319E94CF91
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: AddressConcurrency::cancel_current_taskProc
              • String ID: "<!l$+acj$/$4N($;ciu$C$Content-Type: application/x-www-form-urlencoded$c`in$cno,$dfgw$eh~6$f~aa$g&$https://ipinfo.io/$https://www.maxmind.com/en/locate-my-ip-address$khc)$mn-k$ose,$x&|9$xaz4$yek<$yp
              • API String ID: 3114269349-2797373304
              • Opcode ID: aaab5af0d9d232860b87f31c38019dda9162ff34215ff305c9798568927f0e9a
              • Instruction ID: 57246e6a1942dd9ac7b36e614e08b2a68830ab9a23478cb1e06fe77af8a0665e
              • Opcode Fuzzy Hash: aaab5af0d9d232860b87f31c38019dda9162ff34215ff305c9798568927f0e9a
              • Instruction Fuzzy Hash: 57C28C70D00268DADF24EB64CC56BEDBBB5AF25304F4440D9E54A77282DB705B88CFA2
              APIs
              • GetProcAddress.KERNEL32(00000000,BF989CA3), ref: 001D40CC
              • GetProcAddress.KERNEL32(00000000,BF989CA3), ref: 001D4116
              • GetProcAddress.KERNEL32(00000000,BF989CA3), ref: 001D414E
              • GetProcAddress.KERNEL32(00000000,BF989CA3), ref: 001D4196
              • GetProcAddress.KERNEL32(00000000,BF989CA3), ref: 001D41E9
              Strings
              • mdmv, xrefs: 001D4316
              • vdPf, xrefs: 001D4249
              • D`vb, xrefs: 001D41B4
              • pv, xrefs: 001D431D
              • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36, xrefs: 001D4037
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: AddressProc
              • String ID: D`vb$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36$mdmv$pv$vdPf
              • API String ID: 190572456-2376812635
              • Opcode ID: e2e2860f9ff81168496686e46a97977b091c727437fd6d73363b2749563ed74b
              • Instruction ID: 4a22c1f183cdea8cdcd2edd499ee53a216c9ae33310459d0443c9c8da604e171
              • Opcode Fuzzy Hash: e2e2860f9ff81168496686e46a97977b091c727437fd6d73363b2749563ed74b
              • Instruction Fuzzy Hash: ABC116B08183889FDB44DFA8E4947EDBFF4EF19304F14406EE845AB642E3759509CBA9
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID: BINARY$MATCH$NOCASE$RTRIM$automatic extension loading failed: %s$main$no such vfs: %s$sqlite_rename_table$temp
              • API String ID: 0-1230920970
              • Opcode ID: 355c7433bbf27b06dee39e297b712bd23693fec31709ceeb0a80e96d9909d1a5
              • Instruction ID: 8e7edfb6834514465a5e01a267edfd2c59c796df5bad2e6bc875f87d199fd995
              • Opcode Fuzzy Hash: 355c7433bbf27b06dee39e297b712bd23693fec31709ceeb0a80e96d9909d1a5
              • Instruction Fuzzy Hash: FAF1E6B0A20321ABEB109FA4FC8976A7754AF50714F2440A8ED09AF287D7B5DD64CBD1
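Added example, not code from the report or from the sample: a triage pass that turns the function records on this page into capability tags and indicators. It covers the two WriteProcessMemory calls, the five GetProcAddress calls whose lpProcName argument is displayed as the constant BF989CA3 rather than a resolved name, the Chrome/119 User-Agent, the ipinfo.io and maxmind.com URLs next to the form-urlencoded Content-Type, the SQLite collation and error strings in this record, and the Process32Next call in the record that follows. The tag vocabulary, the GetProcAddress threshold and the SQLite marker set are this example's own assumptions; the sample text is copied from those records.

```python
"""Added example (not code from the Joe Sandbox report or the analysed sample):
a triage pass over function records as printed in this report.  It extracts
API calls, 'xrefs' strings and the '$'-separated 'String ID' lists from record
text and maps them to capability tags and IOCs.  The tag names, the
GetProcAddress threshold and the SQLite marker set are assumptions of this
example, not something the report states."""
import re
from collections import Counter

API_LINE = re.compile(r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")
XREF_LINE = re.compile(r"•\s*(?P<s>.+?),\s*xrefs:\s*[0-9A-Fa-f]+\s*$")
STRING_ID = re.compile(r"•\s*String ID:\s*(?P<s>.*)$")
URL_RE = re.compile(r"https?://[\w.\-/%?=&]+")
HEX32 = re.compile(r"[0-9A-Fa-f]{8}")

API_TAGS = {  # assumption: this example's own tag vocabulary
    "WriteProcessMemory": "process-injection-primitive",
    "Process32Next": "process-enumeration",
    "RegCreateKeyExA": "registry-write",
}
SQLITE_MARKERS = {"sqlite_rename_table", "no such vfs: %s", "automatic extension loading failed: %s"}
GEOIP_HOSTS = ("ipinfo.io", "maxmind.com")


def extract(text: str):
    """Return ([(api, module, args, ref)], [strings]) from Joe Sandbox record text."""
    apis, strings = [], []
    for line in text.splitlines():
        if m := API_LINE.search(line):
            apis.append((m["api"], m["mod"], [a.strip() for a in m["args"].split(",")], m["ref"]))
        elif m := XREF_LINE.search(line):
            strings.append(m["s"])
        elif m := STRING_ID.search(line):
            # '$' is the report's separator; a string that itself contains '$' is split too (heuristic)
            strings.extend(s for s in m["s"].split("$") if s)
    return apis, strings


def triage(text: str) -> dict:
    apis, strings = extract(text)
    calls = Counter(api for api, _, _, _ in apis)
    tags = {API_TAGS[a] for a in calls if a in API_TAGS}
    if calls["GetProcAddress"] >= 3:
        tags.add("dynamic-api-resolution")
    # lpProcName captured as a bare 32-bit constant instead of a resolved name string
    odd_gpa = [ref for api, _, args, ref in apis
               if api == "GetProcAddress" and len(args) > 1 and HEX32.fullmatch(args[1])]
    if odd_gpa:
        tags.add("getprocaddress-nonstring-name")
    urls = sorted({u for s in strings for u in URL_RE.findall(s)})
    if any(h in u for u in urls for h in GEOIP_HOSTS):
        tags.add("geo-ip-lookup")
    user_agents = [s for s in strings if s.startswith("Mozilla/")]
    if user_agents:
        tags.add("http-client-user-agent")
    if any(s.startswith("Content-Type:") for s in strings):
        tags.add("http-post-form")
    if SQLITE_MARKERS & set(strings):
        tags.add("embedded-sqlite")
    return {"tags": tags, "urls": urls, "user_agents": user_agents,
            "api_counts": dict(calls), "nonstring_getprocaddress_refs": odd_gpa}


# Constructed input: lines copied from the function records in this section of the report.
SAMPLE_RECORDS = r"""
• RegCreateKeyExA.ADVAPI32(?,A3B0BAA7,00000000,00000000,00000000,00020006,00000000,?,00000000), ref: 00164A3A
• WriteProcessMemory.KERNEL32(00000000,00000000,?,00000218,00000000,00284D8C,0000000E,0000003A,?), ref: 0016A1BC
• WriteProcessMemory.KERNEL32(00256605,00000218,00169E30,00000110,00000000), ref: 0016A1DB
• String ID: "<!l$+acj$/$4N($;ciu$C$Content-Type: application/x-www-form-urlencoded$c`in$cno,$dfgw$eh~6$f~aa$g&$https://ipinfo.io/$https://www.maxmind.com/en/locate-my-ip-address$khc)$mn-k$ose,$x&|9$xaz4$yek<$yp
• GetProcAddress.KERNEL32(00000000,BF989CA3), ref: 001D40CC
• GetProcAddress.KERNEL32(00000000,BF989CA3), ref: 001D4116
• GetProcAddress.KERNEL32(00000000,BF989CA3), ref: 001D414E
• GetProcAddress.KERNEL32(00000000,BF989CA3), ref: 001D4196
• GetProcAddress.KERNEL32(00000000,BF989CA3), ref: 001D41E9
• mdmv, xrefs: 001D4316
• Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36, xrefs: 001D4037
• String ID: BINARY$MATCH$NOCASE$RTRIM$automatic extension loading failed: %s$main$no such vfs: %s$sqlite_rename_table$temp
• Process32Next.KERNEL32(00000000,00000128), ref: 001592B0
"""

if __name__ == "__main__":
    result = triage(SAMPLE_RECORDS)
    for key in ("tags", "urls", "user_agents", "api_counts", "nonstring_getprocaddress_refs"):
        print(f"{key}: {result[key]}")
```

The GetProcAddress check is deliberately narrow: it only reports that the argument the sandbox captured is not a string pointer, which is a prompt to open the call site in the dump, not a verdict on how the sample resolves imports. The same caveat applies to the SQLite tag: the strings show that a SQLite engine is linked in, and what it is used for has to come from the rest of the report.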
              APIs
              • Process32Next.KERNEL32(00000000,00000128), ref: 001592B0
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: NextProcess32
              • String ID: /$/\/$\
              • API String ID: 1850201408-1523196992
              • Opcode ID: 9b6cc70262a63bf9407c86dad54f7151dd12f906c61e13fd4a646c665494be35
              • Instruction ID: 0b80606c0cc14b4092ac46353d43df2824a964a0993c72bddc101f14f2b0b9ae
              • Opcode Fuzzy Hash: 9b6cc70262a63bf9407c86dad54f7151dd12f906c61e13fd4a646c665494be35
              • Instruction Fuzzy Hash: DC92F471D00248CFDF19CFA8C894AEEFBB5EF05315F14426DD865AB281E7315A4ACB92
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID: header crc mismatch$incorrect header check$invalid window size$unknown compression method$unknown header flags set
              • API String ID: 0-3633268661
              • Opcode ID: a112fdca51c9b46f277b97b934093a3e49c9a12ac6fea5a6fd481ad6b315dbbc
              • Instruction ID: a5901df56cdd32ced989fc2909feb4539da7ba708de084160644fce6a09e4910
              • Opcode Fuzzy Hash: a112fdca51c9b46f277b97b934093a3e49c9a12ac6fea5a6fd481ad6b315dbbc
              • Instruction Fuzzy Hash: F76282B1E002559FDF18CF59C5846ADBBF2AF88304F2885AED808AB346D735D946CF91
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3f97ce6278b5da815f6c389bae476adc5dc884afc24939f4c376b69ad4ad6edd
              • Instruction ID: 632debe1328f25a00d1ce2734d171acc75d4c2278060fdb6ea5ddca589e5c068
              • Opcode Fuzzy Hash: 3f97ce6278b5da815f6c389bae476adc5dc884afc24939f4c376b69ad4ad6edd
              • Instruction Fuzzy Hash: 56023CB1E1121A9BDF14CFA9C8807AEFBF5FF48314F248269E515EB340DB31A9518B90
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID: buffer error$stream error
              • API String ID: 0-1018483818
              • Opcode ID: 1db56061ee44b7bb3318655b84aa025a144422da17fdfeae2b2b5172374f73d1
              • Instruction ID: e024878785c31529b8bea62b43e2f0a8c01b2134e189b9481df85908472b53a8
              • Opcode Fuzzy Hash: 1db56061ee44b7bb3318655b84aa025a144422da17fdfeae2b2b5172374f73d1
              • Instruction Fuzzy Hash: B2A25C74A04A02DFCB24CF68D18096AB7F1FF49304B14866ED8558BB81E734F956CFA1
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID: L($L(
              • API String ID: 0-1286290936
              • Opcode ID: 464c16cddcd519b1ab81fec7f056fcce7d371408ffa0747e468e7dad3a8c71a8
              • Instruction ID: 5d9c4cf4c7561d787722d6a5d6b061a74eaf158952c5bf49bab917690cfb8e6a
              • Opcode Fuzzy Hash: 464c16cddcd519b1ab81fec7f056fcce7d371408ffa0747e468e7dad3a8c71a8
              • Instruction Fuzzy Hash: FF71F4B6E01156CFDB14DF68D8E07FEBBB5AB2A301F040269DC659B742D734990AC7A0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: __allrem
              • String ID:
              • API String ID: 2933888876-0
              • Opcode ID: a87905cb6565a46ad7e4c9cb387ce8e340f7b6742791b946ee519f046e29c656
              • Instruction ID: e80ede1dd408d5ad90fd28a40fbf1d95c159296c194baa3859bab7f61dff01e7
              • Opcode Fuzzy Hash: a87905cb6565a46ad7e4c9cb387ce8e340f7b6742791b946ee519f046e29c656
              • Instruction Fuzzy Hash: 1F818171A001859FDB08CF9DCC80AAEBBB5AF99304F5480A9E914EB342D375EE45CB91
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: __allrem
              • String ID:
              • API String ID: 2933888876-0
              • Opcode ID: 93d9116fef990718128c856b79d4cad9513420ac30789c370918fc53520b1e9c
              • Instruction ID: cf3ba6a16ba696613613a61b48f8e62d30cfa019fe0375d42b0ba9789a18d0fd
              • Opcode Fuzzy Hash: 93d9116fef990718128c856b79d4cad9513420ac30789c370918fc53520b1e9c
              • Instruction Fuzzy Hash: 9C617C71610B80CFCB18CF6DC88056AFBF5AFA4300B0489AEDC86DB752D630E955CB90
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID: 0
              • API String ID: 0-4108050209
              • Opcode ID: d5e76c8b4de114984b9a9763f9d09384808729d25c34dc2b385007ddf03f35b4
              • Instruction ID: 4dce5c06db1d93f46d092f431dc21d8721b5637e8224f8d3412a398d3d117b78
              • Opcode Fuzzy Hash: d5e76c8b4de114984b9a9763f9d09384808729d25c34dc2b385007ddf03f35b4
              • Instruction Fuzzy Hash: 32C102F452074BCFCB29CF68C98467AB7B1AF05300F241619EA96A7A52C331ED65DF50
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID: 0
              • API String ID: 0-4108050209
              • Opcode ID: 80fe08d0e465fc427e71dfbfce1812cfc046ea108b5dafc407713002743ef7ed
              • Instruction ID: 59eca991c695b445461842bc6b97f66c50c7c7d12763629cc51faadf0b29025b
              • Opcode Fuzzy Hash: 80fe08d0e465fc427e71dfbfce1812cfc046ea108b5dafc407713002743ef7ed
              • Instruction Fuzzy Hash: 2BB1E8F092060B8FCB36CE78C595ABEB7B1AF04704F140A1EDB92A7691CB359D25CB41
              APIs
              • GetSystemTimePreciseAsFileTime.KERNEL32(?,0022EC78,?,?,?,?,001640EB,?,0016F5EB), ref: 0022F283
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: Time$FilePreciseSystem
              • String ID:
              • API String ID: 1802150274-0
              • Opcode ID: 62d9d832d093168e1d38da98eba81fedfd3b12f38a17eb01bf2a0a469e35dcb5
              • Instruction ID: 132cc5b34e43100e5782ff99951d22326e163abcf3b289ec8866f0505f8086e8
              • Opcode Fuzzy Hash: 62d9d832d093168e1d38da98eba81fedfd3b12f38a17eb01bf2a0a469e35dcb5
              • Instruction Fuzzy Hash: 70D0223662223DB38A813FD0BC1886DBB28DE0ABD03800036ED09471248B612C204BE8
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID: -
              • API String ID: 0-2547889144
              • Opcode ID: ffad52e287b60b8b48c8f6c01dcfbe838c716be90c45fb450b26370899277487
              • Instruction ID: 68d141b60457a35111f080c630ff81a6da6adce0196c7816e9e29d9537b7057d
              • Opcode Fuzzy Hash: ffad52e287b60b8b48c8f6c01dcfbe838c716be90c45fb450b26370899277487
              • Instruction Fuzzy Hash: 93818270951648AEEF219AB8C840BEDFFF0EF05201F1489E9E8D5E3B41D678D64AC761
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0c5316f1b48f63a7bb38c0e6b3ea4f58914c08cb1eb6d5d8162fff3f7cf674ca
              • Instruction ID: aafd978c153ece6b4d32413b7f7d12d20c0f93e2bc9b35e03a28dbc276a5f4a5
              • Opcode Fuzzy Hash: 0c5316f1b48f63a7bb38c0e6b3ea4f58914c08cb1eb6d5d8162fff3f7cf674ca
              • Instruction Fuzzy Hash: 993241B7F5161447DB0CCE5DDCA16EDB2E3AFD8224B1E803DA80AE3345EA79DD058684
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b80b37ecb74186be8c734b10355c4c601250e8bd0ee9413014499d52b291190a
              • Instruction ID: 85afa2bc20f29ae9d4cebf086370f6c6c70b31393fcc82537b10f64a7f5a5924
              • Opcode Fuzzy Hash: b80b37ecb74186be8c734b10355c4c601250e8bd0ee9413014499d52b291190a
              • Instruction Fuzzy Hash: AE027275908215CFCB09CF58D4D48F9BBF1EF69310B1A86EED8899B362D3319980CB91
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b596a0d6a02d1d738e200e3e0335b53bfb7e2e4d36db8e46ea7a94c3df80fe09
              • Instruction ID: 04efe5d19d08133f3ccc1a66a1c287a7cd11dae05b85b2848db405c0fdf11314
              • Opcode Fuzzy Hash: b596a0d6a02d1d738e200e3e0335b53bfb7e2e4d36db8e46ea7a94c3df80fe09
              • Instruction Fuzzy Hash: 62D1AC746007018BE764DF39C490796BBE0FF58315F1486AED4EE8B781EB74A489CB91
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2a2e03b90355dc0d59000aeef2c7e7f9d6bd4af588e3a47cd3e57602e03e1696
              • Instruction ID: 91a26b255b8a6c90fab6f3ec5539200d83b474d362ebd16f37b682a7074464fa
              • Opcode Fuzzy Hash: 2a2e03b90355dc0d59000aeef2c7e7f9d6bd4af588e3a47cd3e57602e03e1696
              • Instruction Fuzzy Hash: 43B1AF35A007059FEB20DAA4CC40ABFF7F5FF49311F104A1AE9A6D6790D371A946CB61
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ef7c3bc278ec1be74c412d1d410004a4df5d21a6df1fc4201c5dbd1b215ea9a0
              • Instruction ID: f2b86bcbe140bba3ee21c50bbf481f5bab1dded5f7a76e32ae38c9a2a68c4ee1
              • Opcode Fuzzy Hash: ef7c3bc278ec1be74c412d1d410004a4df5d21a6df1fc4201c5dbd1b215ea9a0
              • Instruction Fuzzy Hash: E8B19F716047019FD724DE64C880A6BB7E4FF88314F144A3EF9AB83790D774EA4A8B52
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 63eea95e24a3720d94374b4d970a08d437c661f12c76227c6405adf9361e691c
              • Instruction ID: bd2f104ce6ae40645f11b66e02ae3e0baffc44272f8f866a462fb69778f2e6aa
              • Opcode Fuzzy Hash: 63eea95e24a3720d94374b4d970a08d437c661f12c76227c6405adf9361e691c
              • Instruction Fuzzy Hash: 76B12D316206099FD719CF28C48AB667BE0FF45364F25865CE8DACF2A1C375D9A1CB40
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 41d31ba86242bfd7bd76f9ba221a1519e07e8bc4f3f0aa95c67da6b44e1bb030
              • Instruction ID: b3ffe5e6f1c2332fd07367e22b2818b23534884819207403ad16b4af420d01a7
              • Opcode Fuzzy Hash: 41d31ba86242bfd7bd76f9ba221a1519e07e8bc4f3f0aa95c67da6b44e1bb030
              • Instruction Fuzzy Hash: B161B731900605AFDB30CAA8C840BEEBBE5EF45310F108ABEE596D27A0D375E686C751
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              • Associated: 00000000.00000002.3275599620.00000000004F9000.00000040.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3275637680.00000000004FA000.00000080.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1b777f67c6d7ea970b66b9d81590923a800ab92748cc3d13ed8e535d199200f3
              • Instruction ID: ce3fd684c3d0bc10477c594837fb8f51af843425a3cc496bb471b67132e319e9
              • Opcode Fuzzy Hash: 1b777f67c6d7ea970b66b9d81590923a800ab92748cc3d13ed8e535d199200f3
              • Instruction Fuzzy Hash: 9A6151316101644FD718DF6EFCC44763361A78B3013A6822BEAC1DB3A6D775E966CBA0
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              • Associated: same 34 memory dump files as listed for the first function above
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a1d1203016979e9777d3a15da65a119e378df346ef83abae71d57e2fdec6d4cb
              • Instruction ID: e51d42130d6b62b39a4fb2a2b39074922f3d9176bbbf8e450e05907909c1c174
              • Opcode Fuzzy Hash: a1d1203016979e9777d3a15da65a119e378df346ef83abae71d57e2fdec6d4cb
              • Instruction Fuzzy Hash: 25518BB1E002199FCB18DF98DC81AEEBBB5FB59310F14456DE819A7341D730AA94CBA0
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              • Associated: same 34 memory dump files as listed for the first function above
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 920c44e739ca4d08db5b5969fbc7a5a158caad0a814d8dad7807257cb044add9
              • Instruction ID: 71454455f6c770bb669f8fec84a52862b92a18fba6fa3bf0bcb1648be2b889d8
              • Opcode Fuzzy Hash: 920c44e739ca4d08db5b5969fbc7a5a158caad0a814d8dad7807257cb044add9
              • Instruction Fuzzy Hash: 4C51A1B2D1011AEFDF14CF98C844AEEBBB6FF88304F598468E915AB201D7749A50DF90
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              • Associated: same 34 memory dump files as listed for the first function above
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 854d7f0168f0dc93b040c5b83782ce3004fb363419dbd7899f20dfa3d1eb45b6
              • Instruction ID: 0610b613b91080cceaaea8747c6712f79cbcd44c12bd89350043bf733a4b72a5
              • Opcode Fuzzy Hash: 854d7f0168f0dc93b040c5b83782ce3004fb363419dbd7899f20dfa3d1eb45b6
              • Instruction Fuzzy Hash: 01318D31600B008FC365CEB9C8917A3B7E4FB49315F140A6ED6EAC7280C7B4B984CB60
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              • Associated: same 34 memory dump files as listed for the first function above
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
              • Instruction ID: b5c5aee61e5ba7342de1b3179951a0a37910503a075e3ffcc3f540db3a896840
              • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
              • Instruction Fuzzy Hash: AC112BF726019BC3D6148E2DD9B46B7B395EBC9320F2D437AD1414B75CD222E96D9600
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              • Associated: same 34 memory dump files as listed for the first function above
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1ea9f7826d8edcdaa46f3b9fee4deacf86556a8192f2b9355d066aac2b91176a
              • Instruction ID: 3139214c41f0821e97038777a68c27265db49580359bf1b6fadcee16fc4606d3
              • Opcode Fuzzy Hash: 1ea9f7826d8edcdaa46f3b9fee4deacf86556a8192f2b9355d066aac2b91176a
              • Instruction Fuzzy Hash: C30180B1914208AFCB04DFA9C8856DEFBF8FF08310F408AAED458E7241E3715615CBA0
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              • Associated: same 34 memory dump files as listed for the first function above
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 441a51f5b10b454595e693b08969a736bc04aa29c4e083713c689d711331e6f1
              • Instruction ID: 887be78a25091153eb4a6f840a5435f7fa8c50d428b5cddc31a66f578ccb6d14
              • Opcode Fuzzy Hash: 441a51f5b10b454595e693b08969a736bc04aa29c4e083713c689d711331e6f1
              • Instruction Fuzzy Hash: 8B11BC30A14660CBCB29CF08C4A4BA9F7A2EF45744F6980CEC8861F712E731AD56CB80
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
               • Associated: 00000000.00000002.3273948841.0000000000150000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3273994420.0000000000283000.00000040.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3274236818.0000000000288000.00000008.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3274283719.000000000028B000.00000004.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3274323160.000000000028C000.00000040.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3274361597.0000000000296000.00000080.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3274396915.0000000000297000.00000040.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3274429639.0000000000298000.00000080.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3274675470.00000000003F0000.00000040.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3274714524.00000000003F2000.00000080.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3274752677.000000000040C000.00000040.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3274786613.000000000040E000.00000080.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3274823337.000000000040F000.00000040.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3274823337.0000000000418000.00000040.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3274907968.000000000041C000.00000080.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3274944074.0000000000424000.00000040.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3274985761.000000000042B000.00000080.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3275023903.000000000042C000.00000040.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3275059740.0000000000434000.00000080.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3275097223.0000000000436000.00000040.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3275128687.0000000000445000.00000080.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3275162930.0000000000446000.00000040.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3275200437.000000000044E000.00000080.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3275231050.000000000045A000.00000040.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3275285733.000000000047A000.00000080.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3275313294.000000000047B000.00000040.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3275313294.00000000004B3000.00000040.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3275313294.00000000004B5000.00000040.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3275457739.00000000004E2000.00000080.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3275495333.00000000004E3000.00000040.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3275529663.00000000004E4000.00000080.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3275529663.00000000004EA000.00000080.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3275599620.00000000004F9000.00000040.00000001.01000000.00000003.sdmp
               • Associated: 00000000.00000002.3275637680.00000000004FA000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5a2871ff881b76c433494f73acef219e289aa9123ebe371a345c92605df81084
              • Instruction ID: 914a410450f01a01ac12e3e0fad42063c9b97a238bcd16585b0bdf8ca84bf37d
              • Opcode Fuzzy Hash: 5a2871ff881b76c433494f73acef219e289aa9123ebe371a345c92605df81084
              • Instruction Fuzzy Hash: E0118C34A146658FCB19CF19C4A0BA9FBA6EF45B44F69808EC8851FB22D731AD55CBC0
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
               • Associated: the same 34 memory regions as listed under the first Memory Dump Source above (identical list omitted)
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 909acaf0cd9eaded28342594710fe585bf5ca2d875c123a9b59f138863c25c4b
              • Instruction ID: fb03fe9a9e6b073224a16bb552ae1a9fbd2b633630f559c34db72d131acfc269
              • Opcode Fuzzy Hash: 909acaf0cd9eaded28342594710fe585bf5ca2d875c123a9b59f138863c25c4b
              • Instruction Fuzzy Hash: 75118F349141558BCB29CF18C4A0B69F7A1FF45B54F29408EC8951F616D776AD25CBC0
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
               • Associated: the same 34 memory regions as listed under the first Memory Dump Source above (identical list omitted)
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f7e21df9b3f294e0fc2e891459ff19a08484617196f5e4321e9cc5c82f3718a1
              • Instruction ID: bfdfc0a84d1809f8c2b0ac137aba7a645e6cf8221bf13e61cb9b83cfc32cd594
              • Opcode Fuzzy Hash: f7e21df9b3f294e0fc2e891459ff19a08484617196f5e4321e9cc5c82f3718a1
              • Instruction Fuzzy Hash: 2AD0A73142C690CEC33AC97490887E27FC44F46754F164DCDC0928B0A1D7A0D885C758
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
               • Associated: the same 34 memory regions as listed under the first Memory Dump Source above (identical list omitted)
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 13543d78167cc02ffeb902e673b33838cf06af7b7335ca3cbe28f038fabd8404
              • Instruction ID: 76fd33599d2fbbef8bb13aa416cc5b3906012218166e28eba89d04bbfdac47a1
              • Opcode Fuzzy Hash: 13543d78167cc02ffeb902e673b33838cf06af7b7335ca3cbe28f038fabd8404
              • Instruction Fuzzy Hash: 82D0A73142C691CDC32AC564D08CBD2BFC54F42714F16CCCDD0A28B195DFA0D885C354
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
               • Associated: the same 34 memory regions as listed under the first Memory Dump Source above (identical list omitted)
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e8b6c227afc04ef9d8c1c36e39010bc766e3c3c0c70ba707f9d6f05cac1b7268
              • Instruction ID: 47fd55c63aa152f315e998ed3b36bea5e922b46b024c6cff6c88d5f62f73ba93
              • Opcode Fuzzy Hash: e8b6c227afc04ef9d8c1c36e39010bc766e3c3c0c70ba707f9d6f05cac1b7268
              • Instruction Fuzzy Hash: 49D05E32429A9159D32AC524944CBD3BBE94B86214F164D89C0828A091EBA094C9C258
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
               • Associated: the same 34 memory regions as listed under the first Memory Dump Source above (identical list omitted)
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f4a58f2acd26a6c84f23a47943215d251ee13493331cefdf2c4a931ee6dde283
              • Instruction ID: c56ff6e14a51bc155acfec79365b095ba28263bd1c08ff7457a313ef892b1166
              • Opcode Fuzzy Hash: f4a58f2acd26a6c84f23a47943215d251ee13493331cefdf2c4a931ee6dde283
              • Instruction Fuzzy Hash: C7C012705041104BC738DF1CE48089773D6AF58300325896DE08B93700E771ED0187C0
              APIs
              • GetModuleHandleA.KERNEL32(9B92819A,?,?,002856BC), ref: 00158E0E
              • GetProcAddress.KERNEL32(00000000,82B281BA), ref: 00158E1B
              • GetModuleHandleA.KERNEL32(9B92819A), ref: 00158E85
              • GetProcAddress.KERNEL32(00000000,82A781BA), ref: 00158E8C
              • CloseHandle.KERNEL32(00000000), ref: 00159092
              • CloseHandle.KERNEL32(00000000), ref: 001590F4
              • CloseHandle.KERNEL32(00000000), ref: 00159121
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: Handle$Close$AddressModuleProc
              • String ID: File$bkg`$eHlW$l$lwcf$p$t$}V%$}V%
              • API String ID: 4110381430-3416113713
              • Opcode ID: db5bb198eb8666d1b2da3de770eb3835e14e88f95e58400e0f44668c36da7638
              • Instruction ID: f04f17a9a07310467bdaba53ab7f2027afd1f7abc8b05beb0809512293d82a6a
              • Opcode Fuzzy Hash: db5bb198eb8666d1b2da3de770eb3835e14e88f95e58400e0f44668c36da7638
              • Instruction Fuzzy Hash: 25C1AB70D10259DAEF20DFA4DC85BEEBBB9FF05300F104469E914BB291DB71A948CB66
              APIs
              • Process32Next.KERNEL32(00000000,00000128), ref: 0015DAB0
              • Process32Next.KERNEL32(00000000,?), ref: 0015DAF8
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: NextProcess32
              • String ID: ?$IOQW$agnd$bqZP$d;"&$ec`v$jjst$oo$rAKq$rnql$za@r${~RL
              • API String ID: 1850201408-807315893
              • Opcode ID: 7cfd89b7b34ba38cfa3e1b57904ec85696bc7000d7888816013e19017fced5eb
              • Instruction ID: 5d0da7d1f4baa3439192866f832edb16fd3e6e88e0a50ca28ea399683a4401f6
              • Opcode Fuzzy Hash: 7cfd89b7b34ba38cfa3e1b57904ec85696bc7000d7888816013e19017fced5eb
              • Instruction Fuzzy Hash: 51F12EB1D1122CDADB25EB90CC55BEEB7B8EF15305F4004D9E909BA242EB705B89CF61
              APIs
              • std::_Lockit::_Lockit.LIBCPMT ref: 001BF833
              • std::_Lockit::_Lockit.LIBCPMT ref: 001BF855
              • std::_Lockit::~_Lockit.LIBCPMT ref: 001BF875
              • std::_Lockit::~_Lockit.LIBCPMT ref: 001BF89F
              • std::_Lockit::_Lockit.LIBCPMT ref: 001BF90D
              • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 001BF959
              • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 001BF973
              • std::_Lockit::~_Lockit.LIBCPMT ref: 001BFA08
              • std::_Facet_Register.LIBCPMT ref: 001BFA15
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_$Facet_Locinfo_ctorLocinfo_dtorRegister
              • String ID: bad locale name$"'
              • API String ID: 3375549084-1208716225
              • Opcode ID: 7c508b8f78b260da42df1fc33ad4c43212528a97274899548c1c8455fbe6bab4
              • Instruction ID: a0061e3b592b41612895cca1755bf3d14e02fd0589896e0de6356b57c0a7be3e
              • Opcode Fuzzy Hash: 7c508b8f78b260da42df1fc33ad4c43212528a97274899548c1c8455fbe6bab4
              • Instruction Fuzzy Hash: 7A619DB5D10218EBEF20DFA4EC45BDEBBB4AF14710F144069E805AB381E774E916CBA1
              APIs
              • RegOpenKeyExA.ADVAPI32(80000002,A3A5ACA7,00000000,00020019,?), ref: 0016452C
              • RegOpenKeyExA.ADVAPI32(80000002,A3A5ACA7,00000000,00020019,?), ref: 001645AA
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: Open
              • String ID: P^k}$fxqv$gI@U$jqth$jqth$nuAl$wa]n$ynj
              • API String ID: 71445658-2554975206
              • Opcode ID: 9a845783a54baaea2577c6afd4cf54e252ac0a3968f06ee6c98e4d1cdfe97613
              • Instruction ID: 74baf980da787b1fad78e4e2e0f40efd965afa581bb895598321165be86c6fde
              • Opcode Fuzzy Hash: 9a845783a54baaea2577c6afd4cf54e252ac0a3968f06ee6c98e4d1cdfe97613
              • Instruction Fuzzy Hash: D781E270D102589FDF18CFA8D894BEEFBBAEF0A304F14415DE441AB681E7719916CBA4
              APIs
              • _ValidateLocalCookies.LIBCMT ref: 00232E47
              • ___except_validate_context_record.LIBVCRUNTIME ref: 00232E4F
              • _ValidateLocalCookies.LIBCMT ref: 00232ED8
              • __IsNonwritableInCurrentImage.LIBCMT ref: 00232F03
              • _ValidateLocalCookies.LIBCMT ref: 00232F58
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
              • String ID: i($csm
              • API String ID: 1170836740-3223001819
              • Opcode ID: 5bf5ce8075692457514a2ba9340a7eb0ecb041318b4bad5fc85153ac63447e73
              • Instruction ID: b639ceccd11510b74348ed0a69a217860295e18053c2b06c34eb734d76feb81d
              • Opcode Fuzzy Hash: 5bf5ce8075692457514a2ba9340a7eb0ecb041318b4bad5fc85153ac63447e73
              • Instruction Fuzzy Hash: B141EBB4A20209DBCF10DF68D885A9EBBB5FF45324F148055E8149B392D771EE69CF90
              APIs
              • std::_Lockit::_Lockit.LIBCPMT ref: 00153A58
              • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00153AA4
              • __Getctype.LIBCPMT ref: 00153ABA
              • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00153AE6
              • std::_Lockit::~_Lockit.LIBCPMT ref: 00153B7B
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              • Associated: 00000000.00000002.3275599620.00000000004F9000.00000040.00000001.01000000.00000003.sdmpDownload File
              • Associated: 00000000.00000002.3275637680.00000000004FA000.00000080.00000001.01000000.00000003.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: std::_$Locinfo::_Lockit$GetctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
              • String ID: bad locale name
              • API String ID: 1840309910-1405518554
              • Opcode ID: 26bb842de6b6e9435f5c282ccda9bf83f9770185e0256d597682992e784b6d4f
              • Instruction ID: 669a2ce2abde106c57e6245b0deaf6828a1cb7ef26ae13181ce3e48dd54e69df
              • Opcode Fuzzy Hash: 26bb842de6b6e9435f5c282ccda9bf83f9770185e0256d597682992e784b6d4f
              • Instruction Fuzzy Hash: 73513EB1D10258EBEF10DFE4D945B9EBBB8AF14350F144069EC19AB381E774DA18CB61
              APIs
              • LocalAlloc.KERNEL32(00000040,0000001C), ref: 0015B1F0
              • LocalAlloc.KERNEL32(00000040,0000001C,?,00000000,00000000), ref: 0015B239
              • SetupDiGetDeviceInterfaceDetailA.SETUPAPI(?,00000000,00000000,00000000,?,00000000), ref: 0015B26D
              • SetupDiGetDeviceInterfaceDetailA.SETUPAPI(?,?,00000000,?,00000000,00000000), ref: 0015B28F
              • LocalFree.KERNEL32(?,?,?,?,?,00000000,?,00000000,00000000), ref: 0015B2C0
              • LocalFree.KERNEL32(?,?,?,00000000,?,00000000,00000000), ref: 0015B2C5
              • LocalFree.KERNEL32(?,?,?,00000000,?,00000000,00000000), ref: 0015B2C8
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Similarity
              • API ID: Local$Free$AllocDetailDeviceInterfaceSetup
              • String ID:
              • API String ID: 4232148138-0
              • Opcode ID: d773d655152fe6c29b79d70e264981153814c96f029aded2bd2f5df11d78c366
              • Instruction ID: 9e0a1b8c07205a79cee12ebed2dd9267f902fbdda5fdf913bfb5ff602fb8a6c3
              • Opcode Fuzzy Hash: d773d655152fe6c29b79d70e264981153814c96f029aded2bd2f5df11d78c366
              • Instruction Fuzzy Hash: 07414EB1940309EFDB60DFA9DD41B9EBBF4EB48700F10452AE959E7690E774A9008B60
              APIs
              • __allrem.LIBCMT ref: 0023D69B
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0023D6B7
              • __allrem.LIBCMT ref: 0023D6CE
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0023D6EC
              • __allrem.LIBCMT ref: 0023D703
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0023D721
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Similarity
              • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
              • String ID:
              • API String ID: 1992179935-0
              • Opcode ID: 7222d4fbd83bf911f66e88245ad854337fd27cd591c1530f5d5dc897f2461532
              • Instruction ID: ec904e43231c58d0abc72d9193d7fd52374365158c7fab6d3fda91941732f4a4
              • Opcode Fuzzy Hash: 7222d4fbd83bf911f66e88245ad854337fd27cd591c1530f5d5dc897f2461532
              • Instruction Fuzzy Hash: 86811CF2A207129BE724AE68EC42B6BB3F9AF45724F144629F415D72C1E770D9508F90
              APIs
              • std::_Lockit::_Lockit.LIBCPMT ref: 001BDE93
              • std::_Lockit::_Lockit.LIBCPMT ref: 001BDEB6
              • std::_Lockit::~_Lockit.LIBCPMT ref: 001BDED6
              • std::_Facet_Register.LIBCPMT ref: 001BDF4B
              • std::_Lockit::~_Lockit.LIBCPMT ref: 001BDF63
              • Concurrency::cancel_current_task.LIBCPMT ref: 001BDF7B
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Similarity
              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
              • String ID:
              • API String ID: 2081738530-0
              • Opcode ID: e35c6801d94224af52146973554ebc44128e0633a86bf114bb2680f12e10491e
              • Instruction ID: 8aa9ee12393e6dd9c47c4f489c855de24991117140790e866685dba2a5a8c894
              • Opcode Fuzzy Hash: e35c6801d94224af52146973554ebc44128e0633a86bf114bb2680f12e10491e
              • Instruction Fuzzy Hash: F631E175804226DFCB18DF54E888BAEBBB4FB14720F15426DE8166B351E730AD01CBD0
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Similarity
              • API ID:
              • String ID: \*.*
              • API String ID: 0-1173974218
              • Opcode ID: 491c3892e3f1efec05d7dca8345eb20c32cca14ccaf5252bc638480a29fe1684
              • Instruction ID: 6f4a5a41b0801402d076bbcc58de6230b1e448023fb42ee2eff902d9a415058e
              • Opcode Fuzzy Hash: 491c3892e3f1efec05d7dca8345eb20c32cca14ccaf5252bc638480a29fe1684
              • Instruction Fuzzy Hash: 30A1E470D40209DFDB18DFA8C994BEEFBB5FF09311F504619E825AB281D7709988CB62
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Similarity
              • API ID:
              • String ID: \$abcdefghijklmnopqrstuvwxyz0123456789_ABCDEFGHIJKLMNOPQRSTUVWXYZ$hr(
              • API String ID: 0-61382527
              • Opcode ID: 12e2b34572ee7d51e0313b06bceee07698368b7dd9898fc97cb68ee51a6520d8
              • Instruction ID: f68e35b84fb9f04462e550dc75deecfb841bad8400532e11c69ff47210562e53
              • Opcode Fuzzy Hash: 12e2b34572ee7d51e0313b06bceee07698368b7dd9898fc97cb68ee51a6520d8
              • Instruction Fuzzy Hash: B1E1D371D002089FDB08DFA8DC94BADBBB5FF05300F24826DE415AB382D7359A55CBA1
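Three of the function records above carry triage-relevant signals that are easy to miss in a long listing: the SetupDiGetDeviceInterfaceDetailA pair bracketed by LocalAlloc/LocalFree (the size-query-then-fill calling convention of SetupAPI device enumeration), the `\*.*` wildcard string (directory enumeration), and the embedded alphanumeric charset (a candidate random-name generator). The following Python parser is an added example, not Joe Sandbox code and not part of this report: it reads records in the page's own `• Name.MODULE(args), ref: addr` / `• Key: value` format and tags the ones that match those indicators. The sample input is a constructed excerpt of three records copied from this page, and the indicator list (names and heuristics) is an assumption for illustration, not a vendor rule.

```python
"""Parse Joe Sandbox per-function records and flag triage-relevant ones.

Added example (not Joe Sandbox code, not part of the report). SAMPLE_REPORT
is a constructed excerpt of three records from this page; INDICATORS is an
assumed triage heuristic, not a detection rule shipped by any vendor.
"""
import re
from dataclasses import dataclass, field

# Constructed input: three function records in the page's own format.
SAMPLE_REPORT = """\
APIs
• LocalAlloc.KERNEL32(00000040,0000001C), ref: 0015B1F0
• SetupDiGetDeviceInterfaceDetailA.SETUPAPI(?,00000000,00000000,00000000,?,00000000), ref: 0015B26D
• SetupDiGetDeviceInterfaceDetailA.SETUPAPI(?,?,00000000,?,00000000,00000000), ref: 0015B28F
• LocalFree.KERNEL32(?,?,?,?,?,00000000,?,00000000,00000000), ref: 0015B2C0
Similarity
• API ID: Local$Free$AllocDetailDeviceInterfaceSetup
• String ID:
• API String ID: 4232148138-0
• Opcode ID: d773d655152fe6c29b79d70e264981153814c96f029aded2bd2f5df11d78c366
• Instruction Fuzzy Hash: 07414EB1940309EFDB60DFA9DD41B9EBBF4EB48700F10452AE959E7690E774A9008B60
Strings
Similarity
• API ID:
• String ID: \\*.*
• API String ID: 0-1173974218
• Opcode ID: 491c3892e3f1efec05d7dca8345eb20c32cca14ccaf5252bc638480a29fe1684
• Instruction Fuzzy Hash: 30A1E470D40209DFDB18DFA8C994BEEFBB5FF09311F504619E825AB281D7709988CB62
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 001BDE93
• std::_Lockit::~_Lockit.LIBCPMT ref: 001BDED6
Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_
• String ID:
• API String ID: 2081738530-0
• Opcode ID: e35c6801d94224af52146973554ebc44128e0633a86bf114bb2680f12e10491e
• Instruction Fuzzy Hash: F631E175804226DFCB18DF54E888BAEBBB4FB14720F15426DE8166B351E730AD01CBD0
"""

# "• Name.MODULE(args), ref: ADDR" or "• Name.MODULE ref: ADDR".
# The name is matched lazily up to the first ".UPPERCASEMODULE".
API_RE = re.compile(
    r"^•\s*(?P<name>\S+?)\.(?P<module>[A-Z][A-Z0-9]*)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# "• Key: value" lines of the Similarity block (API ID, String ID, ...).
FIELD_RE = re.compile(r"^•\s*(?P<key>[A-Za-z ]+?):\s*(?P<value>.*)$")


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)    # (name, module, ref)
    fields: dict = field(default_factory=dict)  # "API ID", "String ID", ...


def parse_records(text):
    """Split the listing into records; 'Instruction Fuzzy Hash' ends each one."""
    records, current = [], FunctionRecord()
    for raw in text.splitlines():
        line = raw.strip()
        m = API_RE.match(line)          # try the API-call shape first: it
        if m:                           # also contains "ref: " and would
            current.apis.append(        # otherwise look like a Key: value
                (m["name"], m["module"], m["ref"].upper()))
            continue
        m = FIELD_RE.match(line)
        if m:
            current.fields[m["key"]] = m["value"].strip()
            if m["key"] == "Instruction Fuzzy Hash":
                records.append(current)
                current = FunctionRecord()
    return records


# Assumed triage heuristics keyed on what the page's records actually show.
CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789_ABCDEFGHIJKLMNOPQRSTUVWXYZ"
INDICATORS = [
    # SetupAPI device-interface calls: device enumeration / fingerprinting.
    ("setupapi-device-enum",
     lambda r: any(mod == "SETUPAPI" for _, mod, _ in r.apis)),
    # "\*.*" is the FindFirstFile-style wildcard for walking a directory.
    ("directory-wildcard",
     lambda r: "\\*.*" in r.fields.get("String ID", "")),
    # An [a-z0-9_A-Z] table is the usual input of a random-name generator.
    ("alnum-charset",
     lambda r: CHARSET in r.fields.get("String ID", "")),
]


def triage(records):
    """Return (opcode-id prefix, [indicator names]) for records that hit."""
    hits = []
    for rec in records:
        tags = [name for name, check in INDICATORS if check(rec)]
        if tags:
            hits.append((rec.fields.get("Opcode ID", "")[:16], tags))
    return hits


if __name__ == "__main__":
    for opcode_prefix, tags in triage(parse_records(SAMPLE_REPORT)):
        print(f"{opcode_prefix}  {', '.join(tags)}")
```

The Opcode ID prefix is what you would carry over to the function listing to jump straight to the record; the fuzzy hashes in the same record are what to pivot on when checking whether another sample contains the same function.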
              APIs
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00154F72
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00154FFF
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_destroy
              • String ID: ", "$: "
              • API String ID: 4194217158-747220369
              • Opcode ID: ff53f8853de2ed8b42eb16e76b693d3c530599723032b16f44f8d2da711d1e24
              • Instruction ID: 82c442f804f5a4fc97ed50b6a23f37b385fd47319fe03f2eef9662825aee5725
              • Opcode Fuzzy Hash: ff53f8853de2ed8b42eb16e76b693d3c530599723032b16f44f8d2da711d1e24
              • Instruction Fuzzy Hash: E6C14370900204DFDB28DF68D895BAEB7F5FF44304F10492DE8669B781E774A988CBA1
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 0015799A
              • ___std_exception_copy.LIBVCRUNTIME ref: 00157B75
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_copy
              • String ID: out_of_range$type_error
              • API String ID: 2659868963-3702451861
              • Opcode ID: 5d59f4423c083221bbb9c38847953b856cfb8a579fd3a395b77d55cf4e9d88ea
              • Instruction ID: a4230d04be5fb9b01e62ba65b3af302c21a8ae8c8e3ae5c12f2ce00bef63de9d
              • Opcode Fuzzy Hash: 5d59f4423c083221bbb9c38847953b856cfb8a579fd3a395b77d55cf4e9d88ea
              • Instruction Fuzzy Hash: 1DC168B1900208DFDB08CFA8E98579DBBF5FF48310F148269E819EB791E77499848B60
              APIs
              • ___std_exception_destroy.LIBVCRUNTIME ref: 001575BE
              • ___std_exception_destroy.LIBVCRUNTIME ref: 001575CD
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_destroy
              • String ID: at line $, column
              • API String ID: 4194217158-191570568
              • Opcode ID: fb3d83a36ad6eaf94114e2fde15c7373cc65f27e7c5afbbe279867476487cb1a
              • Instruction ID: 3b3510afe61bad061e5dc110f90daa1c735d0506a7697fa6be408d31b05bd420
              • Opcode Fuzzy Hash: fb3d83a36ad6eaf94114e2fde15c7373cc65f27e7c5afbbe279867476487cb1a
              • Instruction Fuzzy Hash: 7361F770A14204DFDB08DF68EC95BADBBB5FF45300F24462CE825AB781E774A954CB91
              APIs
              • GetSystemMetrics.USER32(00000001), ref: 0015AF8A
              • GetSystemMetrics.USER32(00000000), ref: 0015AF90
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: MetricsSystem
              • String ID: d$image/png
              • API String ID: 4116985748-2616758285
              • Opcode ID: d33d9031bfca150a5883ef34c3e75a7490b53adb6b6924cfd5b0dac784ce6e02
              • Instruction ID: 9846a3dfe84cc67ef95bcfd02bbb627e922d7109e5b37660634eb17ae5120379
              • Opcode Fuzzy Hash: d33d9031bfca150a5883ef34c3e75a7490b53adb6b6924cfd5b0dac784ce6e02
              • Instruction Fuzzy Hash: 01518CB1108301AFE710DF24C894B6BBBE8EF95744F104D2DF99497290E771E808CB96
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 00153E7F
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_copy
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 2659868963-1866435925
              • Opcode ID: e6c467c8ceb854884e605dfa5e12c32c7838f3235c970b5a2b3e36a04dcf8509
              • Instruction ID: 343cd8d753c97fe3611fe89af4c97fa8e988e5df0d50a7c36dfa9272f63f7f8a
              • Opcode Fuzzy Hash: e6c467c8ceb854884e605dfa5e12c32c7838f3235c970b5a2b3e36a04dcf8509
              • Instruction Fuzzy Hash: 4241B7B2910204AFC704DF68C845B9EB7F8EF49351F14852AFD25DB741E770AA158BA4
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 00153E7F
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_copy
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 2659868963-1866435925
              • Opcode ID: e255b04bec400c28ed0463e070ab3f896cc0f1c47d23db09d656de767af1ccf3
              • Instruction ID: 4fe78c6997086547d4b4123e36b60c2bf7ec1a6c01ec5e0439ec3e6b3d6daca9
              • Opcode Fuzzy Hash: e255b04bec400c28ed0463e070ab3f896cc0f1c47d23db09d656de767af1ccf3
              • Instruction Fuzzy Hash: EA21EEB2510704AFC714DF58D806B96B7ECEB04351F14882AFE788B641E770E928CBA5
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 00157340
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              • Associated: 00000000.00000002.3273948841.0000000000150000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3273994420.0000000000283000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274236818.0000000000288000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274283719.000000000028B000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274323160.000000000028C000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274361597.0000000000296000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274396915.0000000000297000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274429639.0000000000298000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274675470.00000000003F0000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274714524.00000000003F2000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274752677.000000000040C000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274786613.000000000040E000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274823337.000000000040F000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274823337.0000000000418000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274907968.000000000041C000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274944074.0000000000424000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274985761.000000000042B000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275023903.000000000042C000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275059740.0000000000434000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275097223.0000000000436000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275128687.0000000000445000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275162930.0000000000446000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275200437.000000000044E000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275231050.000000000045A000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275285733.000000000047A000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275313294.000000000047B000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275313294.00000000004B3000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275313294.00000000004B5000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275457739.00000000004E2000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275495333.00000000004E3000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275529663.00000000004E4000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275529663.00000000004EA000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275599620.00000000004F9000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275637680.00000000004FA000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_copy
              • String ID: parse error$parse_error
              • API String ID: 2659868963-1820534363
              • Opcode ID: 26864dba413a171726f42d32d42a1cd5a9c3384cf2beea6ef690a1a31fbdaf91
              • Instruction ID: b470b4e6d5aa151b17bea0bf3af84c997700d597175a47ffee504f074507a8b8
              • Opcode Fuzzy Hash: 26864dba413a171726f42d32d42a1cd5a9c3384cf2beea6ef690a1a31fbdaf91
              • Instruction Fuzzy Hash: 9BE17070904208DFDB18CF68D8957ADBBB1FF49300F248169E818EB792D7749A95CF91
              APIs
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00156F11
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00156F20
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.3273994420.0000000000151000.00000040.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
              • Associated: 00000000.00000002.3273948841.0000000000150000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3273994420.0000000000283000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274236818.0000000000288000.00000008.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274283719.000000000028B000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274323160.000000000028C000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274361597.0000000000296000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274396915.0000000000297000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274429639.0000000000298000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274675470.00000000003F0000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274714524.00000000003F2000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274752677.000000000040C000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274786613.000000000040E000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274823337.000000000040F000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274823337.0000000000418000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274907968.000000000041C000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274944074.0000000000424000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3274985761.000000000042B000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275023903.000000000042C000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275059740.0000000000434000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275097223.0000000000436000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275128687.0000000000445000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275162930.0000000000446000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275200437.000000000044E000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275231050.000000000045A000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275285733.000000000047A000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275313294.000000000047B000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275313294.00000000004B3000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275313294.00000000004B5000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275457739.00000000004E2000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275495333.00000000004E3000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275529663.00000000004E4000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275529663.00000000004EA000.00000080.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275599620.00000000004F9000.00000040.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.3275637680.00000000004FA000.00000080.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_150000_LisectAVT_2403002A_191.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_destroy
              • String ID: [json.exception.
              • API String ID: 4194217158-791563284
              • Opcode ID: f9870d02cf307d1320dc5d9f9af2c61b69ee6dff222a6aa896615528e9ad6238
              • Instruction ID: 1059703b553224ad3e962f0a549922df8e02d6cac72041f0fc6442182516ce14
              • Opcode Fuzzy Hash: f9870d02cf307d1320dc5d9f9af2c61b69ee6dff222a6aa896615528e9ad6238
              • Instruction Fuzzy Hash: FE91E370A01204DFDB18CF68D995BAEFBF2EF45300F60866CE465AB792D770A945CB90

              Execution Graph

              Execution Coverage:3.8%
              Dynamic/Decrypted Code Coverage:0%
              Signature Coverage:0%
              Total number of Nodes:753
              Total number of Limit Nodes:97
              execution_graph: interactive call-graph rendering; the raw node/edge dump that spilled into the text is omitted here. Each node is a function address labelled with its API-call count or the APIs it calls (for example c9f880 Sleep/RtlAllocateHeap, c95498 GetPEB, c94490 RegOpenKeyExA, c8b8d9 RegOpenKeyExA and c8b954 RegQueryValueExA, c8ba6d GetCurrentHwProfileA, c8bab4 SetupDiGetClassDevsA, c8a6bd GetFileAttributesA, d5e812 GetSystemTimePreciseAsFileTime, and c9e0a0 WSAStartup followed by c9e175 socket, c9e18b connect and c9e19d closesocket); each edge records a caller-to-callee relationship between two nodes.
___std_exception_destroy 30771 c81000 RtlAllocateHeap RtlAllocateHeap RtlAllocateHeap std::_Facet_Register 30848 c94100 GetPEB RtlAllocateHeap RtlAllocateHeap std::ios_base::_Ios_base_dtor __fread_nolock 30853 c8972e 9 API calls std::ios_base::_Ios_base_dtor 30209 c97e3e 30210 cf20e0 2 API calls 30209->30210 30211 c97e5c 30210->30211 30212 cf20e0 2 API calls 30211->30212 30213 c97ed7 30212->30213 30214 cf20e0 2 API calls 30213->30214 30215 c97f4f __fread_nolock 30214->30215 30216 c82ae0 2 API calls 30215->30216 30217 c97fcc __fread_nolock 30216->30217 30218 c97ff4 GetUserNameA 30217->30218 30219 c98028 30218->30219 30220 c82ae0 2 API calls 30219->30220 30225 c985ae std::ios_base::_Ios_base_dtor 30219->30225 30221 c9808b 30220->30221 30222 cea480 2 API calls 30221->30222 30223 c980a8 30222->30223 30226 c980d1 std::_Locinfo::_Locinfo_ctor 30223->30226 30361 cf06c0 2 API calls 4 library calls 30223->30361 30227 c82ae0 2 API calls 30225->30227 30351 c9987f std::ios_base::_Ios_base_dtor 30225->30351 30228 d5e812 GetSystemTimePreciseAsFileTime 30226->30228 30229 c98676 30227->30229 30231 c98135 30228->30231 30234 cea480 2 API calls 30229->30234 30230 c82ae0 2 API calls 30246 c999c6 30230->30246 30236 c98140 30231->30236 30237 c99dc6 30231->30237 30232 d647b0 RtlAllocateHeap 30260 c99e22 30232->30260 30233 c99c97 std::ios_base::_Ios_base_dtor 30233->30232 30235 c99d9c std::ios_base::_Ios_base_dtor 30233->30235 30244 c98693 std::_Locinfo::_Locinfo_ctor 30234->30244 30241 c9815b GetFileAttributesA 30236->30241 30250 c98167 __Mtx_unlock 30236->30250 30368 d5e4bb 6 API calls std::locale::_Setgloballocale 30237->30368 30239 c99dcc 30369 c82270 RtlAllocateHeap RtlAllocateHeap __fread_nolock 30239->30369 30241->30250 30242 c99dd1 30243 d647b0 RtlAllocateHeap 30242->30243 30245 c99dd6 30243->30245 30253 d5e812 GetSystemTimePreciseAsFileTime 30244->30253 30249 d647b0 RtlAllocateHeap 30245->30249 30247 c99e09 30246->30247 30248 c99a3e 30246->30248 30372 c82270 RtlAllocateHeap 
RtlAllocateHeap __fread_nolock 30247->30372 30255 cf20e0 2 API calls 30248->30255 30252 c99ddb 30249->30252 30250->30239 30263 c981fa 30250->30263 30299 c98573 std::ios_base::_Ios_base_dtor 30250->30299 30254 d647b0 RtlAllocateHeap 30252->30254 30258 c98721 30253->30258 30257 c99de0 30254->30257 30259 c99a6a 30255->30259 30256 c99e0e 30261 d647b0 RtlAllocateHeap 30256->30261 30370 d5e4bb 6 API calls std::locale::_Setgloballocale 30257->30370 30258->30257 30262 c9872c 30258->30262 30265 cea480 2 API calls 30259->30265 30308 c99c30 30261->30308 30275 c9874f GetFileAttributesA 30262->30275 30282 c9875b __Mtx_unlock 30262->30282 30269 cf20e0 2 API calls 30263->30269 30267 c99a7d 30265->30267 30266 c99de6 30270 d647b0 RtlAllocateHeap 30266->30270 30271 cea4f0 2 API calls 30267->30271 30268 d647b0 RtlAllocateHeap 30309 c99c5d std::ios_base::_Ios_base_dtor 30268->30309 30273 c98222 30269->30273 30272 c99deb 30270->30272 30279 c99adb std::ios_base::_Ios_base_dtor 30271->30279 30371 c82270 RtlAllocateHeap RtlAllocateHeap __fread_nolock 30272->30371 30278 c9824f std::_Locinfo::_Locinfo_ctor 30273->30278 30362 cf06c0 2 API calls 4 library calls 30273->30362 30274 d647b0 RtlAllocateHeap 30274->30233 30275->30282 30289 c98775 __Mtx_unlock 30275->30289 30277 c99df0 30281 d647b0 RtlAllocateHeap 30277->30281 30285 cea480 2 API calls 30278->30285 30279->30256 30284 c99b4d std::ios_base::_Ios_base_dtor 30279->30284 30281->30247 30283 c82ae0 2 API calls 30282->30283 30282->30289 30283->30289 30286 d65362 RtlAllocateHeap 30284->30286 30292 c9830a std::ios_base::_Ios_base_dtor 30285->30292 30287 c99b91 30286->30287 30288 c940e0 GetSystemTimePreciseAsFileTime 30287->30288 30287->30309 30298 c99ba3 30288->30298 30289->30266 30294 c987cd std::ios_base::_Ios_base_dtor 30289->30294 30290 c983e2 std::ios_base::_Ios_base_dtor 30291 cea770 2 API calls 30290->30291 30293 c9840c 30291->30293 30292->30242 30292->30290 30352 c8a600 30293->30352 30294->30272 30294->30294 30296 c988be 30294->30296 
30294->30351 30297 cf20e0 2 API calls 30296->30297 30300 c988e6 30297->30300 30303 d6d168 4 API calls 30298->30303 30299->30225 30299->30252 30301 c9890d std::_Locinfo::_Locinfo_ctor 30300->30301 30363 cf06c0 2 API calls 4 library calls 30300->30363 30307 cea480 2 API calls 30301->30307 30304 c99c2a 30303->30304 30306 d68be8 5 API calls 30304->30306 30305 c98411 30305->30245 30305->30299 30305->30305 30306->30308 30311 c989a7 std::ios_base::_Ios_base_dtor 30307->30311 30308->30268 30308->30309 30309->30233 30309->30274 30310 c98a8d std::ios_base::_Ios_base_dtor 30312 cea770 2 API calls 30310->30312 30311->30277 30311->30310 30313 c98aba 30312->30313 30314 c8a600 5 API calls 30313->30314 30315 c98abf 30314->30315 30315->30315 30316 c82ae0 2 API calls 30315->30316 30315->30351 30317 c98c04 30316->30317 30318 cee530 2 API calls 30317->30318 30319 c98c90 30318->30319 30320 cea480 2 API calls 30319->30320 30321 c98ca2 30320->30321 30322 c98d43 std::_Locinfo::_Locinfo_ctor 30321->30322 30364 cf06c0 2 API calls 4 library calls 30321->30364 30324 cea480 2 API calls 30322->30324 30325 c98e17 30324->30325 30326 c98eb2 std::_Locinfo::_Locinfo_ctor 30325->30326 30365 cf06c0 2 API calls 4 library calls 30325->30365 30328 cea480 2 API calls 30326->30328 30330 c98f88 std::ios_base::_Ios_base_dtor 30328->30330 30329 cea770 2 API calls 30331 c991fc 30329->30331 30330->30329 30332 c95b90 7 API calls 30331->30332 30333 c99203 30332->30333 30334 c82ae0 2 API calls 30333->30334 30335 c99313 30334->30335 30336 cee530 2 API calls 30335->30336 30337 c99395 30336->30337 30338 cea480 2 API calls 30337->30338 30339 c993a7 30338->30339 30340 c9941e std::_Locinfo::_Locinfo_ctor 30339->30340 30366 cf06c0 2 API calls 4 library calls 30339->30366 30342 cea480 2 API calls 30340->30342 30343 c994bc 30342->30343 30344 c99557 std::_Locinfo::_Locinfo_ctor 30343->30344 30367 cf06c0 2 API calls 4 library calls 30343->30367 30346 cea480 2 API calls 30344->30346 30347 c99627 std::ios_base::_Ios_base_dtor 
30346->30347 30348 cea770 2 API calls 30347->30348 30349 c99878 30348->30349 30350 c95b90 7 API calls 30349->30350 30350->30351 30351->30230 30351->30233 30353 c8a610 30352->30353 30353->30353 30354 d65362 RtlAllocateHeap 30353->30354 30355 c8a638 30354->30355 30356 d68be8 5 API calls 30355->30356 30358 c8a645 30355->30358 30356->30358 30357 c8a674 std::ios_base::_Ios_base_dtor 30357->30305 30358->30357 30359 d647b0 RtlAllocateHeap 30358->30359 30360 c8a68a 30359->30360 30361->30226 30362->30278 30363->30301 30364->30322 30365->30326 30366->30340 30367->30344 30369->30242 30371->30277 30372->30256 30789 c8c430 22 API calls __fread_nolock 30857 c8af30 4 API calls 2 library calls
              APIs
              • GetUserNameA.ADVAPI32(?,00000104,?,?,?), ref: 00C98006
              • GetFileAttributesA.KERNELBASE(?,00000001,?,?,?,?), ref: 00C9815D
              • __Mtx_unlock.LIBCPMT ref: 00C98186
              • __Mtx_unlock.LIBCPMT ref: 00C98195
              • GetFileAttributesA.KERNELBASE(?,?,0000005C,00000000,00000001), ref: 00C98751
              • __Mtx_unlock.LIBCPMT ref: 00C9877A
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: Mtx_unlock$AttributesFile$NameUser
              • String ID: $*`'$$*`'$$*tk$'[_+$'[_+$(ACL$*$+$+wj'$.$.$131$@@MC$DH][$IMG$I^Z$OFMM$P?Y$Q>5$RM[#$\$\$agnd$bqZP$e`vf$e`vf$ec`v$rnql${~RL
              • API String ID: 1275484822-1183361679
              • Opcode ID: 674d3b62e2bc2bad7dd2ea7e4da102fe8d71afda61e0f38433e275c26bc76ace
              • Instruction ID: dc5d52815c1f56777e5ae0d8543f0228f5880d93e85acb6f69642506a5ed3ddd
              • Opcode Fuzzy Hash: 674d3b62e2bc2bad7dd2ea7e4da102fe8d71afda61e0f38433e275c26bc76ace
              • Instruction Fuzzy Hash: D6235B709002598FDF28CF68C898BEDBBB5EF45304F1481EDD419AB282E7759A85CF61

              Control-flow Graph

              APIs
              • RegOpenKeyExA.KERNELBASE(80000002,A3B0BAA7,00000000,00020019,00000000,999D9BA1,999D9BA2), ref: 00C8B947
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: Open
              • String ID: :$_$_$_$`yk$bqZD$cj|n$rnql
              • API String ID: 71445658-3798079816
              • Opcode ID: 359b8c0e3a2dee1716f3e49c4354f3a7f0470a8283328f5ef6bee0bbd0faf870
              • Instruction ID: 7092774ec5ef9f5af39a22e93606da422082d207bc54ee4bc9b5e3e6852ffb3e
              • Opcode Fuzzy Hash: 359b8c0e3a2dee1716f3e49c4354f3a7f0470a8283328f5ef6bee0bbd0faf870
              • Instruction Fuzzy Hash: 2572C170D002599FDB18DF68CC84BEEBBB5EF05304F1481ADE419AB282E7759A85CF64

              Control-flow Graph

              APIs
              • WSAStartup.WS2_32 ref: 00C9E0CB
              • socket.WS2_32(?,?,?,?,?,?,00DB7320,?,?,?,?,?,?), ref: 00C9E17F
              • connect.WS2_32(00000000,?,00000000,?,?,?,00DB7320,?,?,?,?,?,?), ref: 00C9E193
              • closesocket.WS2_32(00000000), ref: 00C9E19E
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: Startupclosesocketconnectsocket
              • String ID:
              • API String ID: 3098855095-0
              • Opcode ID: 09500071b46c38ba84df7744c0710e12904fe07718646696b4cacc084e012d31
              • Instruction ID: e4d46504de4359328365c42ee96d990829165e44489f5756bedc2c9f11439db1
              • Opcode Fuzzy Hash: 09500071b46c38ba84df7744c0710e12904fe07718646696b4cacc084e012d31
              • Instruction Fuzzy Hash: 5B31B071604301ABDB20DF29CC89B2FB7E4EB85728F055F1DF9B8962E1D33199048B92

              Control-flow Graph

              • Function 0x00C8A690, basic blocks c8a690-c8a745: calls local routines d5e812, d5e4bb and d5e823; the imported API GetFileAttributesA is called from block c8a6bd-c8a6c7; block c8a6b2-c8a6b7 loops on itself. Rendered as a graph image in the report.
              APIs
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000006.00000002.3274421235.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274459385.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274747118.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274787908.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274824954.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274870934.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274908865.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274949610.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275167205.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275202639.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275252484.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275289755.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275396064.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275440170.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275477222.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275518793.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275558947.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275597466.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275635918.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275673753.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275712354.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275744131.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275796289.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275960354.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275995343.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276123612.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276162633.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: Mtx_unlock$AttributesFile
              • String ID:
              • API String ID: 1886074773-0
              • Opcode ID: 2ecc5c89a1039dedb13cd57fc0dd2b214ece9a12aa83555921f993490db8c6a3
              • Instruction ID: a8bbe8384f531e7cc673e4b1d7a207f19a941a940096da92d8b16abf19290714
              • Opcode Fuzzy Hash: 2ecc5c89a1039dedb13cd57fc0dd2b214ece9a12aa83555921f993490db8c6a3
              • Instruction Fuzzy Hash: FC01C491A45121276D3831742C565FB2A08C99236E72C4923FC26C624AF543DF5953F7

              Control-flow Graph

              • Function 0x00C8A090, basic blocks c8a090-c8a439: calls local routines d5f290, c82ae0, d65362, d69136, d64eeb, cecf60, d5f511, d647b0, d6dbdf and d68be8; no imported API is called directly from this graph; blocks c8a130-c8a13b, c8a2b0-c8a2bb and c8a3b0-c8a3bb loop on themselves. Rendered as a graph image in the report.
              APIs
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: __fread_nolock
              • String ID:
              • API String ID: 2638373210-0
              • Opcode ID: d93b8a568f0d902c7579028841f9226c1c9d4c47f30e711a99ed992e4ac7910f
              • Instruction ID: 357f43838dbe4ff4e8df23a315acf07f7d003f018380900886b5de7a9b99c537
              • Opcode Fuzzy Hash: d93b8a568f0d902c7579028841f9226c1c9d4c47f30e711a99ed992e4ac7910f
              • Instruction Fuzzy Hash: D3B13870900204AFEB18EF68CC49B9EBBE8EF41704F10856EF4159B682D7B5DA41C7B6
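              Every function entry on this page lists the same set of memory dumps, named by process, phase, address and page protection; the dump at 0x00C81000 is "based on PE" at image base 0x00C80000 yet carries protection 0x40, and most of the rest carry 0x40 or 0x80. The script below is an added example, not part of the Joe Sandbox report: it decodes those file names and sorts the dumps by whether the page was executable and writable, which is where to start when looking for the unpacked payload. Interpreting the fifth field as a Win32 PAGE_* constant and the seventh as a MEM_* type is an assumption (the values on the page match those constants exactly); the sixth and eighth fields are left undecoded because the report does not explain them. The sample names are taken from the list above.

```python
"""Decode Joe Sandbox memory-dump file names and flag executable regions.

Added example, not part of the Joe Sandbox report. Field layout is assumed
from the names listed under "Memory Dump Source" on this page:
  <process>.<phase>.<sequence>.<address>.<protect>.<f5>.<type>.<f7>.sdmp
<process>, <phase> and <address> are read as-is. <protect> is decoded as a
Win32 PAGE_* constant and <type> as a MEM_* constant: an assumption, made
because every value on the page (0x04, 0x08, 0x40, 0x80; 0x01000000) matches
one of those constants exactly. <f5> and <f7> are kept undecoded.
"""
from dataclasses import dataclass

PAGE_PROTECTION = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
EXECUTABLE = {0x10, 0x20, 0x40, 0x80}
WRITABLE = {0x04, 0x08, 0x40, 0x80}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

# Six of the dump names listed on this page (process 6, image based at 0xC80000).
SAMPLE_DUMPS = [
    "00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp",
    "00000006.00000002.3274421235.0000000000C80000.00000004.00000001.01000000.00000004.sdmp",
    "00000006.00000002.3274459385.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp",
    "00000006.00000002.3274747118.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp",
    "00000006.00000002.3274787908.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp",
    "00000006.00000002.3274870934.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp",
]


@dataclass(frozen=True)
class DumpRegion:
    name: str
    process: int
    phase: int
    sequence: str      # third field, not interpreted here
    address: int
    protect: int
    mem_type: int
    undecoded: tuple   # fields <f5> and <f7>, raw

    @property
    def protect_name(self):
        return PAGE_PROTECTION.get(self.protect & 0xFF, hex(self.protect))

    @property
    def type_name(self):
        return MEM_TYPE.get(self.mem_type, hex(self.mem_type))

    @property
    def executable(self):
        return (self.protect & 0xFF) in EXECUTABLE

    @property
    def writable(self):
        return (self.protect & 0xFF) in WRITABLE


def parse_dump_name(name):
    stem = name[:-5] if name.endswith(".sdmp") else name
    f = stem.split(".")
    if len(f) != 8:
        raise ValueError(f"unexpected dump name layout: {name}")
    return DumpRegion(
        name=name, process=int(f[0], 16), phase=int(f[1], 16), sequence=f[2],
        address=int(f[3], 16), protect=int(f[4], 16), mem_type=int(f[6], 16),
        undecoded=(f[5], f[7]),
    )


def executable_regions(names):
    regions = [parse_dump_name(n) for n in names]
    return sorted((r for r in regions if r.executable), key=lambda r: r.address)


def rwx_image_regions(names):
    """Image-backed pages that are writable *and* executable. A normally loaded
    PE keeps its code at PAGE_EXECUTE_READ, so these are pages whose section
    rights were changed after load: the first dumps to open when hunting for
    the unpacked payload."""
    return [r for r in executable_regions(names) if r.writable and r.type_name == "MEM_IMAGE"]


def summarize(names):
    """One line per dump, lowest address first, ending in RWX / X / -."""
    rows = []
    for r in sorted(map(parse_dump_name, names), key=lambda r: r.address):
        flag = "RWX" if r.executable and r.writable else ("X" if r.executable else "-")
        rows.append(f"pid {r.process} 0x{r.address:08X} {r.protect_name:<24} {r.type_name:<11} {flag}")
    return rows


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_DUMPS)))
```

              For the six sample names this marks 0x00C81000, 0x00DB3000 and 0x00DC6000 as writable-and-executable image pages and leaves the PE header page at 0x00C80000 and the two read/write data pages unflagged; run over the full list above, every dump except those three non-executable ones is flagged. Dumps whose protection carries PAGE_GUARD or other modifier bits still decode, because only the low byte is matched against the table.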

              Control-flow Graph

              • Function 0x00D74623, basic blocks d74623-d749ad: calls local routines d6d22c, d6d23f, d647a0, d76e2d, d76db3, d6e13d, d80d44, d6d1e5, d74335, d7448c and d7417b; the imported API ReadFile is called from block d748e3-d748f9. Rendered as a graph image in the report.
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 504525e84e11b37361db5a06691853825d85a9a145642f7e6b4e2a5bdef05f9f
              • Instruction ID: f718eeb3373f33a64ff500eb1515fd1b8f82967b8db6d075dcd7c7abc0d46b5f
              • Opcode Fuzzy Hash: 504525e84e11b37361db5a06691853825d85a9a145642f7e6b4e2a5bdef05f9f
              • Instruction Fuzzy Hash: 19B1F370E042499FDB12DFA8D850BBEBBB5EF4A310F188259E5489B386E770D941CB71

              Control-flow Graph

              • Function 0x00D7549C, basic blocks d7549c-d756b7: calls local routines d64723, d74fe1, d6e17d, d74bb2, d74f79, d7505e, d75222, d75139 and d6d208; the imported API WriteFile is called from block d75609-d75629. Rendered as a graph image in the report.
              APIs
              • WriteFile.KERNELBASE(?,00000000,00D69087,?,00000000,00000000,00000000,?,00000000,?,00D5E5B1,00D69087,00000000,00D5E5B1,?,?), ref: 00D75622
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: FileWrite
              • String ID:
              • API String ID: 3934441357-0
              • Opcode ID: eeaf799d3d2d470bf4b92d67812f719ceed6ff32afecb3bebbca388263abf25c
              • Instruction ID: 756c76e5492da6ea3a663e24d9fcc72df9bcd72e379b140dedbbc76cb0b83e68
              • Opcode Fuzzy Hash: eeaf799d3d2d470bf4b92d67812f719ceed6ff32afecb3bebbca388263abf25c
              • Instruction Fuzzy Hash: 8761B471D04519AFDF11DFA8D844EAEBFBAEF09304F588149E808A7249E3B1D911CBB1

              Control-flow Graph

              • Function 0x00D64942, basic blocks d64942-d64ae2: calls local routines d64723, d75f82, d6e11f, d64cae, d64e59, d64ae3 and d84a10; no imported API is called directly from this graph. Rendered as a graph image in the report.
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000006.00000002.3276123612.0000000001029000.00000040.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000006.00000002.3276162633.000000000102A000.00000080.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 60a601dee669c779e4ae3485be377ebd20708f620ee71672446dfd1c57c25fe9
              • Instruction ID: e6e4706b9181af81373053f14856c5beacf54a2098d9cc7f34cf042d9c9029f8
              • Opcode Fuzzy Hash: 60a601dee669c779e4ae3485be377ebd20708f620ee71672446dfd1c57c25fe9
              • Instruction Fuzzy Hash: 8F519570A40208FFDB14CF98CC85AAABFA5EF45358F288159F8499B252D371DE41CBB4

              Control-flow Graph
              • Function at cf0560 (basic blocks cf0560-cf06b8); nodes marked Executed / Not Executed
              APIs
              • Concurrency::cancel_current_task.LIBCPMT ref: 00CF06AE
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: Concurrency::cancel_current_task
              • String ID:
              • API String ID: 118556049-0
              • Opcode ID: 704878a6fb962aec51445f9c7907984ce5d7d965d91800b1a8fb89f3cbd27ced
              • Instruction ID: 24996bce6b0c376f712f9fd696192d67e59c53d909396b112f32447166f5b2da
              • Opcode Fuzzy Hash: 704878a6fb962aec51445f9c7907984ce5d7d965d91800b1a8fb89f3cbd27ced
              • Instruction Fuzzy Hash: 974103B2A001189FCB05EF68DD806AE7BA5EF88710F240169FD15DB302D770DE618BE6

              Control-flow Graph
              • Function at d74b12 (basic blocks d74b12-d74bb1); nodes marked Executed / Not Executed
              APIs
              • FindCloseChangeNotification.KERNELBASE(00000000,00000000,CF830579,?,00D749F9,00000000,CF830579,00DB1140,0000000C,00D74AB5,00D68BBD,?), ref: 00D74B69
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: ChangeCloseFindNotification
              • String ID:
              • API String ID: 2591292051-0
              • Opcode ID: 4b0c4aee87baa356cc433ab46a6e218f0bcf95e010a2a98846fbec89aa2b4a1c
              • Instruction ID: ad6e07fc678897603022a7b2b8f5fafa5bcaed3622625d5698b4e0b702f567fd
              • Opcode Fuzzy Hash: 4b0c4aee87baa356cc433ab46a6e218f0bcf95e010a2a98846fbec89aa2b4a1c
              • Instruction Fuzzy Hash: C4112B3374512496CB2762386851B7E6B4ACBC2774F2D8649F91C8B1C2FF61DC415175

              Control-flow Graph
              • Function at d6e05c (basic blocks d6e05c-d6e0de); nodes marked Executed / Not Executed
              APIs
              • SetFilePointerEx.KERNELBASE(00000000,00000000,00DB0DF8,00D5E5B1,00000002,00D5E5B1,00000000,?,?,?,00D6E166,00000000,?,00D5E5B1,00000002,00DB0DF8), ref: 00D6E099
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: FilePointer
              • String ID:
              • API String ID: 973152223-0
              • Opcode ID: c836ad457f19a93433b81109490f4d8cb0e451b680b341689c2257422c1c4abd
              • Instruction ID: ab4bd61add9e1f0ad53d0e52cedbe4f01f02c16f6121d74443dc82eae8d7a8b1
              • Opcode Fuzzy Hash: c836ad457f19a93433b81109490f4d8cb0e451b680b341689c2257422c1c4abd
              • Instruction Fuzzy Hash: C4012636614119ABCF05CF18CC05D9F3B29DB85334B280248F8509B2D1E6B2E9418BE0

              Control-flow Graph
              • Function at d5f290 (basic blocks d5f290-d5f2bb, continuing into c821d0-c82220); nodes marked Executed / Not Executed
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 00C8220E
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_copy
              • String ID:
              • API String ID: 2659868963-0
              • Opcode ID: bd7e0067bb086f80b45c316382e84229741abfaa6cebb2a58e32a7dd70dcbfa1
              • Instruction ID: 49382ebe8555f9d9a28bb771575809a44b212f4de84fc74aac5abd35b1fc817d
              • Opcode Fuzzy Hash: bd7e0067bb086f80b45c316382e84229741abfaa6cebb2a58e32a7dd70dcbfa1
              • Instruction Fuzzy Hash: 62012B7550030DABCF14AF98E80689A7BECDE00310F548439FE58DB651EB70E95887B4

              Control-flow Graph
              • Function at d763f3 (basic blocks d763f3-d7644f); nodes marked Executed / Not Executed
              APIs
              • RtlAllocateHeap.NTDLL(00000008,00D5D6FA,00000004,?,00D75D79,00000001,00000364,00000004,00000007,000000FF,?,00D6067B,00000002,00000000,?,?), ref: 00D76435
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0
              • Opcode ID: 661dc90baa2b4d4cf212762d72955450e5625bbffe3dbfea14ebb7e7313a7326
              • Instruction ID: 35a9104accdea12d11846daad00bf4471e56c992a9785763268bb574d9fa4a03
              • Opcode Fuzzy Hash: 661dc90baa2b4d4cf212762d72955450e5625bbffe3dbfea14ebb7e7313a7326
              • Instruction Fuzzy Hash: EBF08931509A24AA9B216F669C06B5B7F59EF857A8F19C151EC0CD6180FA30DC1146F1

              Control-flow Graph (rendered graph not reproduced; basic blocks d76e2d-d76e7a, with calls to d6d23f, d73f93, d717d8 and RtlAllocateHeap)
              APIs
              • RtlAllocateHeap.NTDLL(00000000,00000004,00000000,?,00D6067B,00000002,00000000,?,?,?,00C8303D,00D5D6FA,00000004,00000000,00D5D6FA), ref: 00D76E60
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0
              • Opcode ID: a6edab15feecfbe3c71950329d55e6ca3e00e202441c8cc23d1798afd2431108
              • Instruction ID: a02d04c490be3df7b24a8319bb64dd5532941e8202eb1eb86c978aa3d66ed7b0
              • Opcode Fuzzy Hash: a6edab15feecfbe3c71950329d55e6ca3e00e202441c8cc23d1798afd2431108
              • Instruction Fuzzy Hash: B6E06D39541E25AADB312665DD02B6B7A59DF827A0F19C621FD8DA61D1FB20C81081B8
              APIs
              • GetProcAddress.KERNEL32(00000000,BF989CA3), ref: 00D040CC
              • GetProcAddress.KERNEL32(00000000,BF989CA3), ref: 00D04116
              • GetProcAddress.KERNEL32(00000000,BF989CA3), ref: 00D0414E
              • GetProcAddress.KERNEL32(00000000,BF989CA3), ref: 00D04196
              • GetProcAddress.KERNEL32(00000000,BF989CA3), ref: 00D041E9
              Strings
              • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36, xrefs: 00D04037
              • pv, xrefs: 00D0431D
              • D`vb, xrefs: 00D041B4
              • mdmv, xrefs: 00D04316
              • vdPf, xrefs: 00D04249
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: AddressProc
              • String ID: D`vb$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36$mdmv$pv$vdPf
              • API String ID: 190572456-2376812635
              • Opcode ID: af02dd27d7e203fba13a79666ec35e18d1c8db0af66695087ce20416ecb70d23
              • Instruction ID: e1c8aa4ae9ab6b238eaa613089e194f1041ce010eb3657215c034ea974c785b7
              • Opcode Fuzzy Hash: af02dd27d7e203fba13a79666ec35e18d1c8db0af66695087ce20416ecb70d23
              • Instruction Fuzzy Hash: FCC109B0818388DEDB44DFA8E484BEDBFF4EF19704F50406ED845AB682D3755509CBA9
              APIs
              • Process32Next.KERNEL32(00000000,00000128), ref: 00C8DAB0
              • Process32Next.KERNEL32(00000000,?), ref: 00C8DAF8
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: NextProcess32
              • String ID: ?$EIJ$IOQW$agnd$bqZP$d;"&$ec`v$jjst$oo$rAKq$rnql$za@r${~RL
              • API String ID: 1850201408-2823651170
              • Opcode ID: 3acc94521c997f9f65eafd7b6aab4ec47b31df97a76cb3a5a9c5d31b6a6df8b9
              • Instruction ID: ab1f8e914c948c29fd2af99689fad170486cbf06328e714452afce3204da85f4
              • Opcode Fuzzy Hash: 3acc94521c997f9f65eafd7b6aab4ec47b31df97a76cb3a5a9c5d31b6a6df8b9
              • Instruction Fuzzy Hash: C1F14CB1D1122C9AEF24EB90CC45BEEB7B8EF15304F4005D9E509A7282EB705B89DF65
              APIs
              • GetModuleHandleA.KERNEL32(9B92819A,?,?,00DB56BC), ref: 00C88E0E
              • GetProcAddress.KERNEL32(00000000,82B281BA), ref: 00C88E1B
              • GetModuleHandleA.KERNEL32(9B92819A), ref: 00C88E85
              • GetProcAddress.KERNEL32(00000000,82A781BA), ref: 00C88E8C
              • CloseHandle.KERNEL32(00000000), ref: 00C89092
              • CloseHandle.KERNEL32(00000000), ref: 00C890F4
              • CloseHandle.KERNEL32(00000000), ref: 00C89121
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: Handle$Close$AddressModuleProc
              • String ID: File$bkg`$eHlW$l$lwcf$p$t
              • API String ID: 4110381430-3184506882
              • Opcode ID: ec45aee28fcdd1506a55c9f23b8c1789f1320bca57fb1fdb60323ba7527438df
              • Instruction ID: f109a43b7b14b6dc59dddac9582e982d6cff1f72613107c735a149bb22b1c563
              • Opcode Fuzzy Hash: ec45aee28fcdd1506a55c9f23b8c1789f1320bca57fb1fdb60323ba7527438df
              • Instruction Fuzzy Hash: 61C1AD70E002599BDF20DFA4CC85BAEBBB9FF05304F144069E505BB281DB71AA49CB69
              APIs
              • std::_Lockit::_Lockit.LIBCPMT ref: 00CEF833
              • std::_Lockit::_Lockit.LIBCPMT ref: 00CEF855
              • std::_Lockit::~_Lockit.LIBCPMT ref: 00CEF875
              • std::_Lockit::~_Lockit.LIBCPMT ref: 00CEF89F
              • std::_Lockit::_Lockit.LIBCPMT ref: 00CEF90D
              • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00CEF959
              • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00CEF973
              • std::_Lockit::~_Lockit.LIBCPMT ref: 00CEFA08
              • std::_Facet_Register.LIBCPMT ref: 00CEFA15
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_$Facet_Locinfo_ctorLocinfo_dtorRegister
              • String ID: bad locale name$Ps
              • API String ID: 3375549084-1174896957
              • Opcode ID: 50aca5d8e0a943cccc04af196e5ea57104342bf54a07a5969f30efec043334dc
              • Instruction ID: 3ef994cfa2c6a89a20ca09bb098b2fe5953d2dd52ffe90dd0ece775fabd7e98c
              • Opcode Fuzzy Hash: 50aca5d8e0a943cccc04af196e5ea57104342bf54a07a5969f30efec043334dc
              • Instruction Fuzzy Hash: 9461B071E00248DBEF20DFA5D845B9EBBB4EF15310F140168E855A7381E775EA0ACBB2
              APIs
              • RegOpenKeyExA.ADVAPI32(80000002,A3A5ACA7,00000000,00020019,?), ref: 00C9452C
              • RegOpenKeyExA.ADVAPI32(80000002,A3A5ACA7,00000000,00020019,?), ref: 00C945AA
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000006.00000002.3274421235.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274459385.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274747118.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274787908.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274824954.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274870934.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274908865.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274949610.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275167205.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275202639.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275252484.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275289755.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275396064.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275440170.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275477222.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275518793.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275558947.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275597466.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275635918.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275673753.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275712354.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275744131.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275796289.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275960354.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275995343.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276123612.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276162633.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: Open
              • String ID: P^k}$fxqv$gI@U$jqth$jqth$nuAl$wa]n$ynj
              • API String ID: 71445658-2554975206
              • Opcode ID: cf1f443227e82393ad9a490f4176eb8aab5f4bfb7230ea7248184110c543aacb
              • Instruction ID: 5727bae72f6cd684954155a53d50ba81d335556f73a2a692cab5d92c893c3ad1
              • Opcode Fuzzy Hash: cf1f443227e82393ad9a490f4176eb8aab5f4bfb7230ea7248184110c543aacb
              • Instruction Fuzzy Hash: 1A81D470D102489FDF18CFA8D888FEEBBB9EF0A304F14415DE451AB681E7719A06CB64
              APIs
              • std::_Lockit::_Lockit.LIBCPMT ref: 00C83A58
              • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C83AA4
              • __Getctype.LIBCPMT ref: 00C83ABA
              • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00C83AE6
              • std::_Lockit::~_Lockit.LIBCPMT ref: 00C83B7B
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000006.00000002.3274421235.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274459385.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274747118.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274787908.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274824954.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274870934.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274908865.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274949610.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275167205.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275202639.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275252484.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275289755.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275396064.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275440170.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275477222.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275518793.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275558947.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275597466.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275635918.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275673753.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275712354.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275744131.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275796289.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275960354.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275995343.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276123612.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276162633.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: std::_$Locinfo::_Lockit$GetctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
              • String ID: bad locale name
              • API String ID: 1840309910-1405518554
              • Opcode ID: 7b887546de465cc568effb5b9177bfc5ca704f881109cc57926d7ece8d7ceecf
              • Instruction ID: df710dc5247b410c007d8e4bbfe0da864faa8ad9e9d8753ed5c579dd4429e5d6
              • Opcode Fuzzy Hash: 7b887546de465cc568effb5b9177bfc5ca704f881109cc57926d7ece8d7ceecf
              • Instruction Fuzzy Hash: 04513EB1D002489BEF14EFA4D845B9EBBB8EF14714F144069EC19AB341E774DA08CBB6
              APIs
              • LocalAlloc.KERNEL32(00000040,0000001C), ref: 00C8B1F0
              • LocalAlloc.KERNEL32(00000040,0000001C,?,00000000,00000000), ref: 00C8B239
              • SetupDiGetDeviceInterfaceDetailA.SETUPAPI(?,00000000,00000000,00000000,?,00000000), ref: 00C8B26D
              • SetupDiGetDeviceInterfaceDetailA.SETUPAPI(?,?,00000000,?,00000000,00000000), ref: 00C8B28F
              • LocalFree.KERNEL32(?,?,?,?,?,00000000,?,00000000,00000000), ref: 00C8B2C0
              • LocalFree.KERNEL32(?,?,?,00000000,?,00000000,00000000), ref: 00C8B2C5
              • LocalFree.KERNEL32(?,?,?,00000000,?,00000000,00000000), ref: 00C8B2C8
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000006.00000002.3274421235.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274459385.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274747118.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274787908.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274824954.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274870934.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274908865.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274949610.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275167205.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275202639.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275252484.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275289755.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275396064.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275440170.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275477222.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275518793.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275558947.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275597466.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275635918.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275673753.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275712354.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275744131.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275796289.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275960354.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275995343.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276123612.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276162633.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: Local$Free$AllocDetailDeviceInterfaceSetup
              • String ID:
              • API String ID: 4232148138-0
              • Opcode ID: 1be4266767768ee3bde3f48abe87f71dd9d08b9e5258d04ae6162f8e0dd70064
              • Instruction ID: a6b79f666188690259766fbbe7db5af8d5ba5af3b921f1b21c6628749930d96b
              • Opcode Fuzzy Hash: 1be4266767768ee3bde3f48abe87f71dd9d08b9e5258d04ae6162f8e0dd70064
              • Instruction Fuzzy Hash: E0411CB1A40309AFDB20DFA9DC41BAEBBF8FB48700F10452AE559E7650E775A9008B60
              APIs
              • _ValidateLocalCookies.LIBCMT ref: 00D62E47
              • ___except_validate_context_record.LIBVCRUNTIME ref: 00D62E4F
              • _ValidateLocalCookies.LIBCMT ref: 00D62ED8
              • __IsNonwritableInCurrentImage.LIBCMT ref: 00D62F03
              • _ValidateLocalCookies.LIBCMT ref: 00D62F58
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000006.00000002.3274421235.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274459385.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274747118.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274787908.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274824954.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274870934.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274908865.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274949610.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275167205.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275202639.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275252484.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275289755.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275396064.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275440170.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275477222.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275518793.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275558947.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275597466.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275635918.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275673753.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275712354.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275744131.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275796289.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275960354.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275995343.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276123612.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276162633.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
              • String ID: csm
              • API String ID: 1170836740-1018135373
              • Opcode ID: 4b6b57949ad549cf962e2a9d1f675ec8f00b14963bcfff0aa26b157b6d63c89a
              • Instruction ID: 85a90fbc94eaa3c380140dce98f43f06f1d894cc7c7fc7dd8c919735bcd24611
              • Opcode Fuzzy Hash: 4b6b57949ad549cf962e2a9d1f675ec8f00b14963bcfff0aa26b157b6d63c89a
              • Instruction Fuzzy Hash: 6541B530A00609AFCF10DF68C885AAEBBB5EF45324F188565F8149B352D732EE55CBB1
              APIs
              • __allrem.LIBCMT ref: 00D6D69B
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D6D6B7
              • __allrem.LIBCMT ref: 00D6D6CE
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D6D6EC
              • __allrem.LIBCMT ref: 00D6D703
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D6D721
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000006.00000002.3274421235.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274459385.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274747118.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274787908.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274824954.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274870934.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274908865.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274949610.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275167205.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275202639.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275252484.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275289755.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275396064.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275440170.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275477222.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275518793.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275558947.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275597466.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275635918.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275673753.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275712354.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275744131.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275796289.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275960354.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275995343.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276123612.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276162633.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
              • String ID:
              • API String ID: 1992179935-0
              • Opcode ID: 7222d4fbd83bf911f66e88245ad854337fd27cd591c1530f5d5dc897f2461532
              • Instruction ID: 186418f007775c9316ac0e4880f1ddd155ce762789001fdff7986d980427f0b0
              • Opcode Fuzzy Hash: 7222d4fbd83bf911f66e88245ad854337fd27cd591c1530f5d5dc897f2461532
              • Instruction Fuzzy Hash: 9A810B72F007169BD720AF68EC41B6A73EAEF55724F24462AF416DB6C1E770D90087B1
              APIs
              • std::_Lockit::_Lockit.LIBCPMT ref: 00CEDE93
              • std::_Lockit::_Lockit.LIBCPMT ref: 00CEDEB6
              • std::_Lockit::~_Lockit.LIBCPMT ref: 00CEDED6
              • std::_Facet_Register.LIBCPMT ref: 00CEDF4B
              • std::_Lockit::~_Lockit.LIBCPMT ref: 00CEDF63
              • Concurrency::cancel_current_task.LIBCPMT ref: 00CEDF7B
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000006.00000002.3274421235.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274459385.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274747118.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274787908.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274824954.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274870934.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274908865.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274949610.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275167205.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275202639.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275252484.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275289755.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275396064.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275440170.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275477222.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275518793.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275558947.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275597466.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275635918.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275673753.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275712354.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275744131.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275796289.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275960354.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275995343.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276123612.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276162633.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
              • String ID:
              • API String ID: 2081738530-0
              • Opcode ID: c7447da03327ee711e092243aa561e863a30a13acc69f50bf80ac5d4bc9807b0
              • Instruction ID: d565af55f19fa30ae6b357d1b28e64941ef2a54262dc4f3bcd13a758f90e15c5
              • Opcode Fuzzy Hash: c7447da03327ee711e092243aa561e863a30a13acc69f50bf80ac5d4bc9807b0
              • Instruction Fuzzy Hash: 2631A072900256DFCB24DF95D881AAEBBB4FB14720F184259E816AB351D730AE05CBF1
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID: \*.*
              • API String ID: 0-1173974218
              • Opcode ID: fdc42279b3d1eaa943a4849d233e9260e250a2d779c7e1007bb0273806ff31b7
              • Instruction ID: be83d613ecd9ed70cec412e6a1bed68b06d0ba23c8334bddbf6d51074f5ff674
              • Opcode Fuzzy Hash: fdc42279b3d1eaa943a4849d233e9260e250a2d779c7e1007bb0273806ff31b7
              • Instruction Fuzzy Hash: 91A1C470D002099FEF18EFA8C984BEEBBB5FF09314F14451AE415E7681E7709A85CB66
              APIs
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C84F72
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C84FFF
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_destroy
              • String ID: ", "$: "
              • API String ID: 4194217158-747220369
              • Opcode ID: 6b3b04dcb7efcd47760d1483b508eadea6d44ee3750bb771f6769cf9cba69c13
              • Instruction ID: 9bc3570b2e8fffce1121ac6e8f86a1c4fcb5800a254a033a28f1744fb4757335
              • Opcode Fuzzy Hash: 6b3b04dcb7efcd47760d1483b508eadea6d44ee3750bb771f6769cf9cba69c13
              • Instruction Fuzzy Hash: DCC111719002058FDB28EF68D885BAEFBF5FF48304F10492DE45297B81E774AA45CBA5
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 00C8799A
              • ___std_exception_copy.LIBVCRUNTIME ref: 00C87B75
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_copy
              • String ID: out_of_range$type_error
              • API String ID: 2659868963-3702451861
              • Opcode ID: 9ef53ad06c950443b9773adc69d6bf222e3317c4f7b7c05e5f558f1877b9dc2e
              • Instruction ID: 69d8bbbece3f3a6a2991f0c25081958c9167f0d105b496b0d28e337f1100d483
              • Opcode Fuzzy Hash: 9ef53ad06c950443b9773adc69d6bf222e3317c4f7b7c05e5f558f1877b9dc2e
              • Instruction Fuzzy Hash: 7AC169B1D002088FDB08DFA8D984B9DBBF1FF49304F248669E459EB781E7749981CB64
              APIs
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C875BE
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C875CD
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_destroy
              • String ID: at line $, column
              • API String ID: 4194217158-191570568
              • Opcode ID: 4ef3a0dfe37e650ff0c3f2c380665328503e5deb84b62fb2a9b3569885f49dc9
              • Instruction ID: 230b43a06a08241ddc561d39c9651f1b4c463e482dd165e3d3715dad0a3ca613
              • Opcode Fuzzy Hash: 4ef3a0dfe37e650ff0c3f2c380665328503e5deb84b62fb2a9b3569885f49dc9
              • Instruction Fuzzy Hash: A0610671A042049FDB08DF68DC84BADBBB6FF45304F24862CE415A7781E774EA45CBA5
              APIs
              • GetSystemMetrics.USER32(00000001), ref: 00C8AF8A
              • GetSystemMetrics.USER32(00000000), ref: 00C8AF90
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: MetricsSystem
              • String ID: d$image/png
              • API String ID: 4116985748-2616758285
              • Opcode ID: 090adcca66f888eb0d91d82aeaf254aa99c286df7142aa781f0b2b07ceaca4c5
              • Instruction ID: 223b2b42d97762ea957c17bbb7758c8f029674552bf6618c2e0e9d5e11df6d95
              • Opcode Fuzzy Hash: 090adcca66f888eb0d91d82aeaf254aa99c286df7142aa781f0b2b07ceaca4c5
              • Instruction Fuzzy Hash: 8E516AB1508301AFE710EF24C894B6BBBE8EF99758F004D2DF99496250E771ED048BA6
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 00C83E7F
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_copy
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 2659868963-1866435925
              • Opcode ID: a8c073f073d36d16ae3b21695f44aa8104ac79891f212ac1e36af602db4d9581
              • Instruction ID: 73da7404add71a7da6ecee64fa33ffa6c5a37a5591358b9ade23284bb3c00b24
              • Opcode Fuzzy Hash: a8c073f073d36d16ae3b21695f44aa8104ac79891f212ac1e36af602db4d9581
              • Instruction Fuzzy Hash: 9641B3B6900244AFCB04EF68C845BAEBBF8EF49710F14852AF915D7741E774AA058BB4
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 00C83E7F
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000006.00000002.3274421235.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274459385.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274747118.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274787908.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274824954.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274870934.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274908865.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274949610.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275167205.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275202639.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275252484.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275289755.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275396064.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275440170.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275477222.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275518793.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275558947.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275597466.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275635918.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275673753.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275712354.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275744131.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275796289.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275960354.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275995343.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276123612.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276162633.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_copy
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 2659868963-1866435925
              • Opcode ID: 139cfc809a133d20e7b44b70d25987a80059bab29badf2c88ef08798dac47611
              • Instruction ID: 55d58fc835d0cce220c2b6462432b68da281407da244dc47de25480e214243e0
              • Opcode Fuzzy Hash: 139cfc809a133d20e7b44b70d25987a80059bab29badf2c88ef08798dac47611
              • Instruction Fuzzy Hash: 75210AB29003446FC714EF58D805B9AB7DCAB05710F18882EFA68CB741E774EA14CBB5
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 00C87340
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000006.00000002.3274421235.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274459385.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274747118.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274787908.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274824954.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274870934.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274908865.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274949610.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275167205.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275202639.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275252484.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275289755.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275396064.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275440170.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275477222.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275518793.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275558947.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275597466.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275635918.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275673753.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275712354.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275744131.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275796289.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275960354.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275995343.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276123612.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276162633.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_copy
              • String ID: parse error$parse_error
              • API String ID: 2659868963-1820534363
              • Opcode ID: 747a3af68da61219ee04f08d983e080f81004126f039f9830e2247d7a1f17a04
              • Instruction ID: 63f71cdbc3fd2beefa786148d0386b5140d7351fb3f3bcf85a2e71c3c7c35049
              • Opcode Fuzzy Hash: 747a3af68da61219ee04f08d983e080f81004126f039f9830e2247d7a1f17a04
              • Instruction Fuzzy Hash: 0AE171719042089FDB18DF68C884B9DBBB1FF49304F24826DE418EB792E7749A85CF65
              APIs
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C86F11
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C86F20
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000006.00000002.3274421235.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274459385.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274747118.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274787908.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274824954.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274870934.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274908865.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274949610.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275167205.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275202639.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275252484.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275289755.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275396064.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275440170.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275477222.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275518793.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275558947.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275597466.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275635918.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275673753.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275712354.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275744131.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275796289.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275960354.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275995343.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276123612.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276162633.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_destroy
              • String ID: [json.exception.
              • API String ID: 4194217158-791563284
              • Opcode ID: 4ea2b813ef483c65fba35cc990d17222b27c2ba4384303260d97183c20f4848b
              • Instruction ID: b919c22a329b21339da1b15ab17e8454e278dc35490913ca1fc68df2218ff393
              • Opcode Fuzzy Hash: 4ea2b813ef483c65fba35cc990d17222b27c2ba4384303260d97183c20f4848b
              • Instruction Fuzzy Hash: 8A91E570A002089FDB18DF68D884B9EFBF2FF45304F20856DE455AB792D771A945CB64
              APIs
              • Concurrency::cancel_current_task.LIBCPMT ref: 00CFA656
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000006.00000002.3274421235.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274459385.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274747118.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274787908.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274824954.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274870934.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274908865.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274949610.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275167205.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275202639.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275252484.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275289755.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275396064.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275440170.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275477222.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275518793.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275558947.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275597466.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275635918.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275673753.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275712354.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275744131.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275796289.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275960354.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275995343.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276123612.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276162633.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: Concurrency::cancel_current_task
              • String ID: pected $unexpected
              • API String ID: 118556049-356062554
              • Opcode ID: a488096d346ddb20ad401a233e08d86b5c368dbbab1f4f7ebdf35b9828553d39
              • Instruction ID: 1ceb8bf5441611bbe01fac5b96c64f3fe8856f61cab15076f87b3d81bdb5f8ad
              • Opcode Fuzzy Hash: a488096d346ddb20ad401a233e08d86b5c368dbbab1f4f7ebdf35b9828553d39
              • Instruction Fuzzy Hash: 7D5138B25001049FDB18EF28D884A6EF7A5EF45310F244629F95ACB685EB30ED4587E2
              APIs
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00CF9753
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00CF976C
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00CFA374
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00CFA38D
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.3274459385.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000006.00000002.3274421235.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274459385.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274747118.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274787908.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274824954.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274870934.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274908865.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3274949610.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275167205.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275202639.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275252484.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275289755.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275315588.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275396064.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275440170.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275477222.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275518793.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275558947.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275597466.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275635918.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275673753.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275712354.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275744131.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275796289.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275822077.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275960354.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3275995343.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276033619.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276123612.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000006.00000002.3276162633.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_6_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_destroy
              • String ID: value
              • API String ID: 4194217158-494360628
              • Opcode ID: 8d77fc14e33f24f56b2e6da112be02ee6d332f1162637975d1e3335071f6a931
              • Instruction ID: c8449a5f97534e189af6baa8db876fd081fa7f7be96d1479ba0ec7e93def0638
              • Opcode Fuzzy Hash: 8d77fc14e33f24f56b2e6da112be02ee6d332f1162637975d1e3335071f6a931
              • Instruction Fuzzy Hash: 02519EB0D0025C9FDB14DFA8DC88BEEBBB8AF05300F144169E549A7792D7749A48DB62

              Execution Graph

              Execution Coverage:3.6%
              Dynamic/Decrypted Code Coverage:0%
              Signature Coverage:0%
              Total number of Nodes:867
              Total number of Limit Nodes:110
              execution_graph 33723 c94dc9 11 API calls 33503 c97dc0 33504 c97df8 33503->33504 33505 c97e30 33504->33505 33506 c99db7 33504->33506 33509 cf20e0 2 API calls 33505->33509 33668 c82270 RtlAllocateHeap RtlAllocateHeap 33506->33668 33508 c99dbc 33669 c82270 RtlAllocateHeap RtlAllocateHeap 33508->33669 33513 c97e5c 33509->33513 33511 c99dc1 33670 c82270 RtlAllocateHeap RtlAllocateHeap 33511->33670 33513->33508 33513->33513 33516 c97eab 33513->33516 33514 c99dc6 33671 d5e4bb 6 API calls std::locale::_Setgloballocale 33514->33671 33520 cf20e0 2 API calls 33516->33520 33517 c99dcc 33672 c82270 RtlAllocateHeap RtlAllocateHeap 33517->33672 33519 c99dd1 33521 d647b0 RtlAllocateHeap 33519->33521 33525 c97ed7 33520->33525 33522 c99dd6 33521->33522 33523 d647b0 RtlAllocateHeap 33522->33523 33524 c99ddb 33523->33524 33526 d647b0 RtlAllocateHeap 33524->33526 33525->33511 33525->33525 33528 c97f23 33525->33528 33527 c99de0 33526->33527 33673 d5e4bb 6 API calls std::locale::_Setgloballocale 33527->33673 33531 cf20e0 2 API calls 33528->33531 33530 c99de6 33532 d647b0 RtlAllocateHeap 33530->33532 33536 c97f4f __fread_nolock 33531->33536 33533 c99deb 33532->33533 33674 c82270 RtlAllocateHeap RtlAllocateHeap 33533->33674 33535 c99df0 33537 d647b0 RtlAllocateHeap 33535->33537 33541 c82ae0 2 API calls 33536->33541 33538 c99e09 33537->33538 33675 c82270 RtlAllocateHeap RtlAllocateHeap 33538->33675 33540 c99e0e 33542 d647b0 RtlAllocateHeap 33540->33542 33543 c97fcc __fread_nolock 33541->33543 33544 c99c30 33542->33544 33546 c97ff4 GetUserNameA 33543->33546 33545 d647b0 RtlAllocateHeap 33544->33545 33618 c99c5d std::ios_base::_Ios_base_dtor 33544->33618 33545->33618 33549 c98028 33546->33549 33547 d647b0 RtlAllocateHeap 33567 c99c97 std::ios_base::_Ios_base_dtor 33547->33567 33548 d647b0 RtlAllocateHeap 33554 c99e22 33548->33554 33550 c82ae0 2 API calls 33549->33550 33555 c985ae std::ios_base::_Ios_base_dtor 33549->33555 33551 c9808b 33550->33551 33552 cea480 2 API calls 
              Strings
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000007.00000002.3274540215.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274575639.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274824705.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274869359.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274905099.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274942387.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274981034.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275022694.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275229943.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275270401.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275312396.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275348956.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275461478.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275497870.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275536505.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275572590.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275607149.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275639410.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275681645.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275722413.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275753265.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275795445.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275848326.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276040552.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276079753.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276200291.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276239394.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID: $*`'$$*`'$$*tk$'[_+$'[_+$(ACL$*$+wj'$.$.$131$@@MC$D$DH][$IMG$I^Z$OFMM$RM[#$\$agnd$bqZP$e`vf$e`vf$ec`v$rnql$s@${~RL
              • API String ID: 0-2086103761
              • Opcode ID: 797bab5bcf4449d6a80da5ff613a7ae359b6872d6c7f627d2ebfd14d4f60b2e0
              • Instruction ID: 6074abde83fad7582ab42fbcff4ce11b0dea10bd177146974dccc9b2c12728b0
              • Opcode Fuzzy Hash: 797bab5bcf4449d6a80da5ff613a7ae359b6872d6c7f627d2ebfd14d4f60b2e0
              • Instruction Fuzzy Hash: 54238E709042588FDF19CF68C888BEDBBB5FF49304F1442D9D449AB282E7759A85CFA1
              APIs
              • GetUserNameA.ADVAPI32(?,00000104,?,?,?), ref: 00C98006
              • GetFileAttributesA.KERNELBASE(?,00000001,?,?,?,?), ref: 00C9815D
              • __Mtx_unlock.LIBCPMT ref: 00C98186
              • __Mtx_unlock.LIBCPMT ref: 00C98195
              • GetFileAttributesA.KERNELBASE(?,00000001,?,?,?,?,?,?), ref: 00C98751
              • __Mtx_unlock.LIBCPMT ref: 00C9877A
                • Part of subcall function 00CF06C0: Concurrency::cancel_current_task.LIBCPMT ref: 00CF0807
              • __Mtx_unlock.LIBCPMT ref: 00C987D7
              Strings
              Yara matches
              Similarity
              • API ID: Mtx_unlock$AttributesFile$Concurrency::cancel_current_taskNameUser
              • String ID: $*`'$$*`'$$*tk$'[_+$'[_+.$(ACL$+$+wj'$.$131$@@MC$DH][$IMG$I^Z$OFMM$RM[#$\$agnd$bqZP$e`vf$e`vf$ec`v$rnql${~RL
              • API String ID: 2365767635-4150374978
              • Opcode ID: bad78ee63fdd2dae872a82d9d1b9b9a2dc053144d1bb35f2754b1d393654d616
              • Instruction ID: 5a6b712cf549e1edfbb1d9d06426f20c286af3ace608c483757efb8bb35a57e1
              • Opcode Fuzzy Hash: bad78ee63fdd2dae872a82d9d1b9b9a2dc053144d1bb35f2754b1d393654d616
              • Instruction Fuzzy Hash: FC235C709002598FDF28CF68C898BEDBBB5EF45304F1481EDD419AB282E7759A85CF61

              Control-flow Graph
              APIs
              • RegOpenKeyExA.KERNELBASE(80000002,A3B0BAA7,00000000,00020019,00000000,999D9BA1,999D9BA2), ref: 00C8B947
              Strings
              Yara matches
              Similarity
              • API ID: Open
              • String ID: :$_$_$_$`yk$bqZD$cj|n$rnql
              • API String ID: 71445658-3798079816
              • Opcode ID: 359b8c0e3a2dee1716f3e49c4354f3a7f0470a8283328f5ef6bee0bbd0faf870
              • Instruction ID: 7092774ec5ef9f5af39a22e93606da422082d207bc54ee4bc9b5e3e6852ffb3e
              • Opcode Fuzzy Hash: 359b8c0e3a2dee1716f3e49c4354f3a7f0470a8283328f5ef6bee0bbd0faf870
              • Instruction Fuzzy Hash: 2572C170D002599FDB18DF68CC84BEEBBB5EF05304F1481ADE419AB282E7759A85CF64

              Control-flow Graph
              APIs
              • WSAStartup.WS2_32 ref: 00C9E0CB
              • socket.WS2_32(?,?,?,?,?,?,00DB7320,?,?,?,?,?,?), ref: 00C9E17F
              • connect.WS2_32(00000000,?,00000000,?,?,?,00DB7320,?,?,?,?,?,?), ref: 00C9E193
              • closesocket.WS2_32(00000000), ref: 00C9E19E
              Yara matches
              Similarity
              • API ID: Startupclosesocketconnectsocket
              • String ID:
              • API String ID: 3098855095-0
              • Opcode ID: 09500071b46c38ba84df7744c0710e12904fe07718646696b4cacc084e012d31
              • Instruction ID: e4d46504de4359328365c42ee96d990829165e44489f5756bedc2c9f11439db1
              • Opcode Fuzzy Hash: 09500071b46c38ba84df7744c0710e12904fe07718646696b4cacc084e012d31
              • Instruction Fuzzy Hash: 5B31B071604301ABDB20DF29CC89B2FB7E4EB85728F055F1DF9B8962E1D33199048B92

              Control-flow Graph
              APIs
              Yara matches
              Similarity
              • API ID: Mtx_unlock$AttributesFile
              • String ID:
              • API String ID: 1886074773-0
              • Opcode ID: 2ecc5c89a1039dedb13cd57fc0dd2b214ece9a12aa83555921f993490db8c6a3
              • Instruction ID: a8bbe8384f531e7cc673e4b1d7a207f19a941a940096da92d8b16abf19290714
              • Opcode Fuzzy Hash: 2ecc5c89a1039dedb13cd57fc0dd2b214ece9a12aa83555921f993490db8c6a3
              • Instruction Fuzzy Hash: FC01C491A45121276D3831742C565FB2A08C99236E72C4923FC26C624AF543DF5953F7

              Control-flow Graph

              APIs
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: __fread_nolock
              • String ID:
              • API String ID: 2638373210-0
              • Opcode ID: d93b8a568f0d902c7579028841f9226c1c9d4c47f30e711a99ed992e4ac7910f
              • Instruction ID: 357f43838dbe4ff4e8df23a315acf07f7d003f018380900886b5de7a9b99c537
              • Opcode Fuzzy Hash: d93b8a568f0d902c7579028841f9226c1c9d4c47f30e711a99ed992e4ac7910f
              • Instruction Fuzzy Hash: D3B13870900204AFEB18EF68CC49B9EBBE8EF41704F10856EF4159B682D7B5DA41C7B6

              Control-flow Graph

              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 504525e84e11b37361db5a06691853825d85a9a145642f7e6b4e2a5bdef05f9f
              • Instruction ID: f718eeb3373f33a64ff500eb1515fd1b8f82967b8db6d075dcd7c7abc0d46b5f
              • Opcode Fuzzy Hash: 504525e84e11b37361db5a06691853825d85a9a145642f7e6b4e2a5bdef05f9f
              • Instruction Fuzzy Hash: 19B1F370E042499FDB12DFA8D850BBEBBB5EF4A310F188259E5489B386E770D941CB71

              Control-flow Graph

              APIs
              • WriteFile.KERNELBASE(?,00000000,00D69087,?,00000000,00000000,00000000,?,00000000,?,00D5E5B1,00D69087,00000000,00D5E5B1,?,?), ref: 00D75622
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: FileWrite
              • String ID:
              • API String ID: 3934441357-0
              • Opcode ID: eeaf799d3d2d470bf4b92d67812f719ceed6ff32afecb3bebbca388263abf25c
              • Instruction ID: 756c76e5492da6ea3a663e24d9fcc72df9bcd72e379b140dedbbc76cb0b83e68
              • Opcode Fuzzy Hash: eeaf799d3d2d470bf4b92d67812f719ceed6ff32afecb3bebbca388263abf25c
              • Instruction Fuzzy Hash: 8761B471D04519AFDF11DFA8D844EAEBFBAEF09304F588149E808A7249E3B1D911CBB1

              Control-flow Graph

              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 60a601dee669c779e4ae3485be377ebd20708f620ee71672446dfd1c57c25fe9
              • Instruction ID: e6e4706b9181af81373053f14856c5beacf54a2098d9cc7f34cf042d9c9029f8
              • Opcode Fuzzy Hash: 60a601dee669c779e4ae3485be377ebd20708f620ee71672446dfd1c57c25fe9
              • Instruction Fuzzy Hash: 8F519570A40208FFDB14CF98CC85AAABFA5EF45358F288159F8499B252D371DE41CBB4

              Control-flow Graph

              APIs
              • Concurrency::cancel_current_task.LIBCPMT ref: 00CF06AE
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000007.00000002.3274540215.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274575639.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274824705.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274869359.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274905099.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274942387.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274981034.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275022694.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275229943.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275270401.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275312396.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275348956.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275461478.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275497870.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275536505.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275572590.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275607149.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275639410.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275681645.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275722413.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275753265.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275795445.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275848326.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276040552.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276079753.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276200291.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276239394.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: Concurrency::cancel_current_task
              • String ID:
              • API String ID: 118556049-0
              • Opcode ID: 704878a6fb962aec51445f9c7907984ce5d7d965d91800b1a8fb89f3cbd27ced
              • Instruction ID: 24996bce6b0c376f712f9fd696192d67e59c53d909396b112f32447166f5b2da
              • Opcode Fuzzy Hash: 704878a6fb962aec51445f9c7907984ce5d7d965d91800b1a8fb89f3cbd27ced
              • Instruction Fuzzy Hash: 974103B2A001189FCB05EF68DD806AE7BA5EF88710F240169FD15DB302D770DE618BE6

              Control-flow Graph
              • Function entry: 00D74B12 (graph rendering not reproduced)
              APIs
              • FindCloseChangeNotification.KERNELBASE(00000000,00000000,CF830579,?,00D749F9,00000000,CF830579,00DB1140,0000000C,00D74AB5,00D68BBD,?), ref: 00D74B69
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: ChangeCloseFindNotification
              • String ID:
              • API String ID: 2591292051-0
              • Opcode ID: 4b0c4aee87baa356cc433ab46a6e218f0bcf95e010a2a98846fbec89aa2b4a1c
              • Instruction ID: ad6e07fc678897603022a7b2b8f5fafa5bcaed3622625d5698b4e0b702f567fd
              • Opcode Fuzzy Hash: 4b0c4aee87baa356cc433ab46a6e218f0bcf95e010a2a98846fbec89aa2b4a1c
              • Instruction Fuzzy Hash: C4112B3374512496CB2762386851B7E6B4ACBC2774F2D8649F91C8B1C2FF61DC415175

              Control-flow Graph
              • Function entry: 00D6E05C (graph rendering not reproduced)
              APIs
              • SetFilePointerEx.KERNELBASE(00000000,00000000,00DB0DF8,00D5E5B1,00000002,00D5E5B1,00000000,?,?,?,00D6E166,00000000,?,00D5E5B1,00000002,00DB0DF8), ref: 00D6E099
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: FilePointer
              • String ID:
              • API String ID: 973152223-0
              • Opcode ID: c836ad457f19a93433b81109490f4d8cb0e451b680b341689c2257422c1c4abd
              • Instruction ID: ab4bd61add9e1f0ad53d0e52cedbe4f01f02c16f6121d74443dc82eae8d7a8b1
              • Opcode Fuzzy Hash: c836ad457f19a93433b81109490f4d8cb0e451b680b341689c2257422c1c4abd
              • Instruction Fuzzy Hash: C4012636614119ABCF05CF18CC05D9F3B29DB85334B280248F8509B2D1E6B2E9418BE0

              Control-flow Graph
              • Function entry: 00D5F290, also covering blocks from 00C821D0 (graph rendering not reproduced)
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 00C8220E
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_copy
              • String ID:
              • API String ID: 2659868963-0
              • Opcode ID: bd7e0067bb086f80b45c316382e84229741abfaa6cebb2a58e32a7dd70dcbfa1
              • Instruction ID: 49382ebe8555f9d9a28bb771575809a44b212f4de84fc74aac5abd35b1fc817d
              • Opcode Fuzzy Hash: bd7e0067bb086f80b45c316382e84229741abfaa6cebb2a58e32a7dd70dcbfa1
              • Instruction Fuzzy Hash: 62012B7550030DABCF14AF98E80689A7BECDE00310F548439FE58DB651EB70E95887B4

              Control-flow Graph
              • Function entry: 00D763F3 (graph rendering not reproduced)
              APIs
              • RtlAllocateHeap.NTDLL(00000008,00D5D6FA,00000004,?,00D75D79,00000001,00000364,00000004,00000007,000000FF,?,00D6067B,00000002,00000000,?,?), ref: 00D76435
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0
              • Opcode ID: 661dc90baa2b4d4cf212762d72955450e5625bbffe3dbfea14ebb7e7313a7326
              • Instruction ID: 35a9104accdea12d11846daad00bf4471e56c992a9785763268bb574d9fa4a03
              • Opcode Fuzzy Hash: 661dc90baa2b4d4cf212762d72955450e5625bbffe3dbfea14ebb7e7313a7326
              • Instruction Fuzzy Hash: EBF08931509A24AA9B216F669C06B5B7F59EF857A8F19C151EC0CD6180FA30DC1146F1

              Control-flow Graph
              • Function entry: 00D76E2D (graph rendering not reproduced)
              APIs
              • RtlAllocateHeap.NTDLL(00000000,00000004,00000000,?,00D6067B,00000002,00000000,?,?,?,00C8303D,00D5D6FA,00000004,00000000,00D5D6FA), ref: 00D76E60
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0
              • Opcode ID: a6edab15feecfbe3c71950329d55e6ca3e00e202441c8cc23d1798afd2431108
              • Instruction ID: a02d04c490be3df7b24a8319bb64dd5532941e8202eb1eb86c978aa3d66ed7b0
              • Opcode Fuzzy Hash: a6edab15feecfbe3c71950329d55e6ca3e00e202441c8cc23d1798afd2431108
              • Instruction Fuzzy Hash: B6E06D39541E25AADB312665DD02B6B7A59DF827A0F19C621FD8DA61D1FB20C81081B8
              APIs
              • GetProcAddress.KERNEL32(00000000,BF989CA3), ref: 00D040CC
              • GetProcAddress.KERNEL32(00000000,BF989CA3), ref: 00D04116
              • GetProcAddress.KERNEL32(00000000,BF989CA3), ref: 00D0414E
              • GetProcAddress.KERNEL32(00000000,BF989CA3), ref: 00D04196
              • GetProcAddress.KERNEL32(00000000,BF989CA3), ref: 00D041E9
              Strings
              • vdPf, xrefs: 00D04249
              • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36, xrefs: 00D04037
              • D`vb, xrefs: 00D041B4
              • pv, xrefs: 00D0431D
              • mdmv, xrefs: 00D04316
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000007.00000002.3274540215.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274575639.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274824705.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274869359.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274905099.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274942387.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274981034.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275022694.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275229943.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275270401.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275312396.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275348956.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275461478.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275497870.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275536505.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275572590.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275607149.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275639410.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275681645.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275722413.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275753265.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275795445.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275848326.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276040552.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276079753.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276200291.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276239394.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: AddressProc
              • String ID: D`vb$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36$mdmv$pv$vdPf
              • API String ID: 190572456-2376812635
              • Opcode ID: af02dd27d7e203fba13a79666ec35e18d1c8db0af66695087ce20416ecb70d23
              • Instruction ID: e1c8aa4ae9ab6b238eaa613089e194f1041ce010eb3657215c034ea974c785b7
              • Opcode Fuzzy Hash: af02dd27d7e203fba13a79666ec35e18d1c8db0af66695087ce20416ecb70d23
              • Instruction Fuzzy Hash: FCC109B0818388DEDB44DFA8E484BEDBFF4EF19704F50406ED845AB682D3755509CBA9
              APIs
              • Process32Next.KERNEL32(00000000,00000128), ref: 00C8DAB0
              • Process32Next.KERNEL32(00000000,?), ref: 00C8DAF8
              Strings
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000007.00000002.3274540215.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274575639.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274824705.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274869359.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274905099.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274942387.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274981034.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275022694.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275229943.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275270401.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275312396.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275348956.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275461478.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275497870.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275536505.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275572590.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275607149.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275639410.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275681645.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275722413.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275753265.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275795445.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275848326.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276040552.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276079753.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276200291.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276239394.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: NextProcess32
              • String ID: ?$EIJ$IOQW$agnd$bqZP$d;"&$ec`v$jjst$oo$rAKq$rnql$za@r${~RL
              • API String ID: 1850201408-2823651170
              • Opcode ID: 3acc94521c997f9f65eafd7b6aab4ec47b31df97a76cb3a5a9c5d31b6a6df8b9
              • Instruction ID: ab1f8e914c948c29fd2af99689fad170486cbf06328e714452afce3204da85f4
              • Opcode Fuzzy Hash: 3acc94521c997f9f65eafd7b6aab4ec47b31df97a76cb3a5a9c5d31b6a6df8b9
              • Instruction Fuzzy Hash: C1F14CB1D1122C9AEF24EB90CC45BEEB7B8EF15304F4005D9E509A7282EB705B89DF65
              APIs
              • GetModuleHandleA.KERNEL32(9B92819A,?,?,00DB56BC), ref: 00C88E0E
              • GetProcAddress.KERNEL32(00000000,82B281BA), ref: 00C88E1B
              • GetModuleHandleA.KERNEL32(9B92819A), ref: 00C88E85
              • GetProcAddress.KERNEL32(00000000,82A781BA), ref: 00C88E8C
              • CloseHandle.KERNEL32(00000000), ref: 00C89092
              • CloseHandle.KERNEL32(00000000), ref: 00C890F4
              • CloseHandle.KERNEL32(00000000), ref: 00C89121
              Strings
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000007.00000002.3274540215.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274575639.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274824705.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274869359.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274905099.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274942387.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274981034.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275022694.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275229943.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275270401.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275312396.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275348956.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275461478.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275497870.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275536505.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275572590.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275607149.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275639410.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275681645.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275722413.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275753265.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275795445.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275848326.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276040552.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276079753.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276200291.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276239394.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: Handle$Close$AddressModuleProc
              • String ID: File$bkg`$eHlW$l$lwcf$p$t
              • API String ID: 4110381430-3184506882
              • Opcode ID: ec45aee28fcdd1506a55c9f23b8c1789f1320bca57fb1fdb60323ba7527438df
              • Instruction ID: f109a43b7b14b6dc59dddac9582e982d6cff1f72613107c735a149bb22b1c563
              • Opcode Fuzzy Hash: ec45aee28fcdd1506a55c9f23b8c1789f1320bca57fb1fdb60323ba7527438df
              • Instruction Fuzzy Hash: 61C1AD70E002599BDF20DFA4CC85BAEBBB9FF05304F144069E505BB281DB71AA49CB69
              APIs
              • std::_Lockit::_Lockit.LIBCPMT ref: 00CEF833
              • std::_Lockit::_Lockit.LIBCPMT ref: 00CEF855
              • std::_Lockit::~_Lockit.LIBCPMT ref: 00CEF875
              • std::_Lockit::~_Lockit.LIBCPMT ref: 00CEF89F
              • std::_Lockit::_Lockit.LIBCPMT ref: 00CEF90D
              • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00CEF959
              • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00CEF973
              • std::_Lockit::~_Lockit.LIBCPMT ref: 00CEFA08
              • std::_Facet_Register.LIBCPMT ref: 00CEFA15
              Strings
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000007.00000002.3274540215.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274575639.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274824705.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274869359.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274905099.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274942387.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274981034.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275022694.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275229943.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275270401.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275312396.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275348956.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275461478.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275497870.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275536505.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275572590.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275607149.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275639410.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275681645.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275722413.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275753265.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275795445.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275848326.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276040552.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276079753.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276200291.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276239394.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_$Facet_Locinfo_ctorLocinfo_dtorRegister
              • String ID: bad locale name$Ps
              • API String ID: 3375549084-1174896957
              • Opcode ID: 50aca5d8e0a943cccc04af196e5ea57104342bf54a07a5969f30efec043334dc
              • Instruction ID: 3ef994cfa2c6a89a20ca09bb098b2fe5953d2dd52ffe90dd0ece775fabd7e98c
              • Opcode Fuzzy Hash: 50aca5d8e0a943cccc04af196e5ea57104342bf54a07a5969f30efec043334dc
              • Instruction Fuzzy Hash: 9461B071E00248DBEF20DFA5D845B9EBBB4EF15310F140168E855A7381E775EA0ACBB2
              APIs
              • RegOpenKeyExA.ADVAPI32(80000002,A3A5ACA7,00000000,00020019,?), ref: 00C9452C
              • RegOpenKeyExA.ADVAPI32(80000002,A3A5ACA7,00000000,00020019,?), ref: 00C945AA
              Strings
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000007.00000002.3274540215.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274575639.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274824705.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274869359.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274905099.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274942387.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274981034.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275022694.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275229943.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275270401.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275312396.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275348956.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275461478.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275497870.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275536505.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275572590.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275607149.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275639410.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275681645.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275722413.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275753265.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275795445.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275848326.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276040552.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276079753.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276200291.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276239394.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: Open
              • String ID: P^k}$fxqv$gI@U$jqth$jqth$nuAl$wa]n$ynj
              • API String ID: 71445658-2554975206
              • Opcode ID: cf1f443227e82393ad9a490f4176eb8aab5f4bfb7230ea7248184110c543aacb
              • Instruction ID: 5727bae72f6cd684954155a53d50ba81d335556f73a2a692cab5d92c893c3ad1
              • Opcode Fuzzy Hash: cf1f443227e82393ad9a490f4176eb8aab5f4bfb7230ea7248184110c543aacb
              • Instruction Fuzzy Hash: 1A81D470D102489FDF18CFA8D888FEEBBB9EF0A304F14415DE451AB681E7719A06CB64
              APIs
              • std::_Lockit::_Lockit.LIBCPMT ref: 00C83A58
              • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C83AA4
              • __Getctype.LIBCPMT ref: 00C83ABA
              • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00C83AE6
              • std::_Lockit::~_Lockit.LIBCPMT ref: 00C83B7B
              Strings
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000007.00000002.3274540215.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274575639.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274824705.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274869359.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274905099.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274942387.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274981034.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275022694.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275229943.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275270401.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275312396.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275348956.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275461478.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275497870.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275536505.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275572590.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275607149.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275639410.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275681645.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275722413.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275753265.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275795445.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275848326.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276040552.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276079753.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.000000000101A000.00000080.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000007.00000002.3276200291.0000000001029000.00000040.00000001.01000000.00000004.sdmpDownload File
              • Associated: 00000007.00000002.3276239394.000000000102A000.00000080.00000001.01000000.00000004.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: std::_$Locinfo::_Lockit$GetctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
              • String ID: bad locale name
              • API String ID: 1840309910-1405518554
              • Opcode ID: 7b887546de465cc568effb5b9177bfc5ca704f881109cc57926d7ece8d7ceecf
              • Instruction ID: df710dc5247b410c007d8e4bbfe0da864faa8ad9e9d8753ed5c579dd4429e5d6
              • Opcode Fuzzy Hash: 7b887546de465cc568effb5b9177bfc5ca704f881109cc57926d7ece8d7ceecf
              • Instruction Fuzzy Hash: 04513EB1D002489BEF14EFA4D845B9EBBB8EF14714F144069EC19AB341E774DA08CBB6
              APIs
              • LocalAlloc.KERNEL32(00000040,0000001C), ref: 00C8B1F0
              • LocalAlloc.KERNEL32(00000040,0000001C,?,00000000,00000000), ref: 00C8B239
              • SetupDiGetDeviceInterfaceDetailA.SETUPAPI(?,00000000,00000000,00000000,?,00000000), ref: 00C8B26D
              • SetupDiGetDeviceInterfaceDetailA.SETUPAPI(?,?,00000000,?,00000000,00000000), ref: 00C8B28F
              • LocalFree.KERNEL32(?,?,?,?,?,00000000,?,00000000,00000000), ref: 00C8B2C0
              • LocalFree.KERNEL32(?,?,?,00000000,?,00000000,00000000), ref: 00C8B2C5
              • LocalFree.KERNEL32(?,?,?,00000000,?,00000000,00000000), ref: 00C8B2C8
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: Local$Free$AllocDetailDeviceInterfaceSetup
              • String ID:
              • API String ID: 4232148138-0
              • Opcode ID: 1be4266767768ee3bde3f48abe87f71dd9d08b9e5258d04ae6162f8e0dd70064
              • Instruction ID: a6b79f666188690259766fbbe7db5af8d5ba5af3b921f1b21c6628749930d96b
              • Opcode Fuzzy Hash: 1be4266767768ee3bde3f48abe87f71dd9d08b9e5258d04ae6162f8e0dd70064
              • Instruction Fuzzy Hash: E0411CB1A40309AFDB20DFA9DC41BAEBBF8FB48700F10452AE559E7650E775A9008B60
              APIs
              • _ValidateLocalCookies.LIBCMT ref: 00D62E47
              • ___except_validate_context_record.LIBVCRUNTIME ref: 00D62E4F
              • _ValidateLocalCookies.LIBCMT ref: 00D62ED8
              • __IsNonwritableInCurrentImage.LIBCMT ref: 00D62F03
              • _ValidateLocalCookies.LIBCMT ref: 00D62F58
              Strings
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
              • String ID: csm
              • API String ID: 1170836740-1018135373
              • Opcode ID: 4b6b57949ad549cf962e2a9d1f675ec8f00b14963bcfff0aa26b157b6d63c89a
              • Instruction ID: 85a90fbc94eaa3c380140dce98f43f06f1d894cc7c7fc7dd8c919735bcd24611
              • Opcode Fuzzy Hash: 4b6b57949ad549cf962e2a9d1f675ec8f00b14963bcfff0aa26b157b6d63c89a
              • Instruction Fuzzy Hash: 6541B530A00609AFCF10DF68C885AAEBBB5EF45324F188565F8149B352D732EE55CBB1
              APIs
              • __allrem.LIBCMT ref: 00D6D69B
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D6D6B7
              • __allrem.LIBCMT ref: 00D6D6CE
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D6D6EC
              • __allrem.LIBCMT ref: 00D6D703
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D6D721
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
              • String ID:
              • API String ID: 1992179935-0
              • Opcode ID: 7222d4fbd83bf911f66e88245ad854337fd27cd591c1530f5d5dc897f2461532
              • Instruction ID: 186418f007775c9316ac0e4880f1ddd155ce762789001fdff7986d980427f0b0
              • Opcode Fuzzy Hash: 7222d4fbd83bf911f66e88245ad854337fd27cd591c1530f5d5dc897f2461532
              • Instruction Fuzzy Hash: 9A810B72F007169BD720AF68EC41B6A73EAEF55724F24462AF416DB6C1E770D90087B1
              APIs
              • std::_Lockit::_Lockit.LIBCPMT ref: 00CEDE93
              • std::_Lockit::_Lockit.LIBCPMT ref: 00CEDEB6
              • std::_Lockit::~_Lockit.LIBCPMT ref: 00CEDED6
              • std::_Facet_Register.LIBCPMT ref: 00CEDF4B
              • std::_Lockit::~_Lockit.LIBCPMT ref: 00CEDF63
              • Concurrency::cancel_current_task.LIBCPMT ref: 00CEDF7B
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
              • String ID:
              • API String ID: 2081738530-0
              • Opcode ID: c7447da03327ee711e092243aa561e863a30a13acc69f50bf80ac5d4bc9807b0
              • Instruction ID: d565af55f19fa30ae6b357d1b28e64941ef2a54262dc4f3bcd13a758f90e15c5
              • Opcode Fuzzy Hash: c7447da03327ee711e092243aa561e863a30a13acc69f50bf80ac5d4bc9807b0
              • Instruction Fuzzy Hash: 2631A072900256DFCB24DF95D881AAEBBB4FB14720F184259E816AB351D730AE05CBF1
              Strings
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID: \*.*
              • API String ID: 0-1173974218
              • Opcode ID: fdc42279b3d1eaa943a4849d233e9260e250a2d779c7e1007bb0273806ff31b7
              • Instruction ID: be83d613ecd9ed70cec412e6a1bed68b06d0ba23c8334bddbf6d51074f5ff674
              • Opcode Fuzzy Hash: fdc42279b3d1eaa943a4849d233e9260e250a2d779c7e1007bb0273806ff31b7
              • Instruction Fuzzy Hash: 91A1C470D002099FEF18EFA8C984BEEBBB5FF09314F14451AE415E7681E7709A85CB66
              APIs
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C84F72
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C84FFF
              Strings
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000007.00000002.3274540215.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274575639.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274824705.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274869359.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274905099.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274942387.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274981034.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275022694.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275229943.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275270401.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275312396.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275348956.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275461478.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275497870.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275536505.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275572590.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275607149.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275639410.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275681645.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275722413.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275753265.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275795445.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275848326.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276040552.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276079753.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276200291.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276239394.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches: none
              Similarity
              • API ID: ___std_exception_destroy
              • String ID: ", "$: "
              • API String ID: 4194217158-747220369
              • Opcode ID: 6b3b04dcb7efcd47760d1483b508eadea6d44ee3750bb771f6769cf9cba69c13
              • Instruction ID: 9bc3570b2e8fffce1121ac6e8f86a1c4fcb5800a254a033a28f1744fb4757335
              • Opcode Fuzzy Hash: 6b3b04dcb7efcd47760d1483b508eadea6d44ee3750bb771f6769cf9cba69c13
              • Instruction Fuzzy Hash: DCC111719002058FDB28EF68D885BAEFBF5FF48304F10492DE45297B81E774AA45CBA5
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 00C8799A
              • ___std_exception_copy.LIBVCRUNTIME ref: 00C87B75
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: same set of memory dump regions (process 00000007, dump 00000002) as listed above for this snapshot
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches: none
              Similarity
              • API ID: ___std_exception_copy
              • String ID: out_of_range$type_error
              • API String ID: 2659868963-3702451861
              • Opcode ID: 9ef53ad06c950443b9773adc69d6bf222e3317c4f7b7c05e5f558f1877b9dc2e
              • Instruction ID: 69d8bbbece3f3a6a2991f0c25081958c9167f0d105b496b0d28e337f1100d483
              • Opcode Fuzzy Hash: 9ef53ad06c950443b9773adc69d6bf222e3317c4f7b7c05e5f558f1877b9dc2e
              • Instruction Fuzzy Hash: 7AC169B1D002088FDB08DFA8D984B9DBBF1FF49304F248669E459EB781E7749981CB64
              APIs
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C875BE
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C875CD
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: same set of memory dump regions (process 00000007, dump 00000002) as listed above for this snapshot
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches: none
              Similarity
              • API ID: ___std_exception_destroy
              • String ID: at line $, column
              • API String ID: 4194217158-191570568
              • Opcode ID: 4ef3a0dfe37e650ff0c3f2c380665328503e5deb84b62fb2a9b3569885f49dc9
              • Instruction ID: 230b43a06a08241ddc561d39c9651f1b4c463e482dd165e3d3715dad0a3ca613
              • Opcode Fuzzy Hash: 4ef3a0dfe37e650ff0c3f2c380665328503e5deb84b62fb2a9b3569885f49dc9
              • Instruction Fuzzy Hash: A0610671A042049FDB08DF68DC84BADBBB6FF45304F24862CE415A7781E774EA45CBA5
              APIs
              • GetSystemMetrics.USER32(00000001 = SM_CYSCREEN, primary display height in pixels), ref: 00C8AF8A
              • GetSystemMetrics.USER32(00000000 = SM_CXSCREEN, primary display width in pixels), ref: 00C8AF90
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: same set of memory dump regions (process 00000007, dump 00000002) as listed above for this snapshot
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches: none
              Similarity
              • API ID: MetricsSystem
              • String ID: d$image/png
              • API String ID: 4116985748-2616758285
              • Opcode ID: 090adcca66f888eb0d91d82aeaf254aa99c286df7142aa781f0b2b07ceaca4c5
              • Instruction ID: 223b2b42d97762ea957c17bbb7758c8f029674552bf6618c2e0e9d5e11df6d95
              • Opcode Fuzzy Hash: 090adcca66f888eb0d91d82aeaf254aa99c286df7142aa781f0b2b07ceaca4c5
              • Instruction Fuzzy Hash: 8E516AB1508301AFE710EF24C894B6BBBE8EF99758F004D2DF99496250E771ED048BA6
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 00C83E7F
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: same set of memory dump regions (process 00000007, dump 00000002) as listed above for this snapshot
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches: none
              Similarity
              • API ID: ___std_exception_copy
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 2659868963-1866435925
              • Opcode ID: a8c073f073d36d16ae3b21695f44aa8104ac79891f212ac1e36af602db4d9581
              • Instruction ID: 73da7404add71a7da6ecee64fa33ffa6c5a37a5591358b9ade23284bb3c00b24
              • Opcode Fuzzy Hash: a8c073f073d36d16ae3b21695f44aa8104ac79891f212ac1e36af602db4d9581
              • Instruction Fuzzy Hash: 9641B3B6900244AFCB04EF68C845BAEBBF8EF49710F14852AF915D7741E774AA058BB4
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 00C83E7F
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: same set of memory dump regions (process 00000007, dump 00000002) as listed above for this snapshot
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches: none
              Similarity
              • API ID: ___std_exception_copy
              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
              • API String ID: 2659868963-1866435925
              • Opcode ID: 139cfc809a133d20e7b44b70d25987a80059bab29badf2c88ef08798dac47611
              • Instruction ID: 55d58fc835d0cce220c2b6462432b68da281407da244dc47de25480e214243e0
              • Opcode Fuzzy Hash: 139cfc809a133d20e7b44b70d25987a80059bab29badf2c88ef08798dac47611
              • Instruction Fuzzy Hash: 75210AB29003446FC714EF58D805B9AB7DCAB05710F18882EFA68CB741E774EA14CBB5
              Strings
              • \, xrefs: 00C93BF8
              • abcdefghijklmnopqrstuvwxyz0123456789_ABCDEFGHIJKLMNOPQRSTUVWXYZ, xrefs: 00C93BBB
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000007.00000002.3274540215.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274575639.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274824705.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274869359.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274905099.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274942387.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274981034.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275022694.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275229943.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275270401.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275312396.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275348956.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275461478.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275497870.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275536505.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275572590.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275607149.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275639410.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275681645.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275722413.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275753265.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275795445.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275848326.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276040552.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276079753.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276200291.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276239394.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID: \$abcdefghijklmnopqrstuvwxyz0123456789_ABCDEFGHIJKLMNOPQRSTUVWXYZ
              • API String ID: 0-680898115
              • Opcode ID: 2dde0162759cbcaebeea7395cb898d1dc15527e01660b482e34d6073b638d185
              • Instruction ID: d3751cc6264176087d5420862b242bccb0903f2bb31e5c15e05fc7c28b3d327c
              • Opcode Fuzzy Hash: 2dde0162759cbcaebeea7395cb898d1dc15527e01660b482e34d6073b638d185
              • Instruction Fuzzy Hash: ADE19171D00248CFDF08DFA8C899BAEBBB5FF45300F148269E415AB782D7759A45CBA1
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 00C87340
              Strings
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000007.00000002.3274540215.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274575639.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274824705.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274869359.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274905099.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274942387.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274981034.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275022694.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275229943.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275270401.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275312396.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275348956.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275461478.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275497870.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275536505.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275572590.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275607149.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275639410.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275681645.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275722413.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275753265.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275795445.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275848326.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276040552.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276079753.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276200291.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276239394.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_copy
              • String ID: parse error$parse_error
              • API String ID: 2659868963-1820534363
              • Opcode ID: 747a3af68da61219ee04f08d983e080f81004126f039f9830e2247d7a1f17a04
              • Instruction ID: 63f71cdbc3fd2beefa786148d0386b5140d7351fb3f3bcf85a2e71c3c7c35049
              • Opcode Fuzzy Hash: 747a3af68da61219ee04f08d983e080f81004126f039f9830e2247d7a1f17a04
              • Instruction Fuzzy Hash: 0AE171719042089FDB18DF68C884B9DBBB1FF49304F24826DE418EB792E7749A85CF65
              APIs
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C86F11
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C86F20
              Strings
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000007.00000002.3274540215.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274575639.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274824705.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274869359.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274905099.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274942387.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274981034.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275022694.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275229943.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275270401.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275312396.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275348956.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275461478.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275497870.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275536505.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275572590.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275607149.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275639410.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275681645.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275722413.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275753265.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275795445.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275848326.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276040552.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276079753.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276200291.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276239394.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_destroy
              • String ID: [json.exception.
              • API String ID: 4194217158-791563284
              • Opcode ID: 4ea2b813ef483c65fba35cc990d17222b27c2ba4384303260d97183c20f4848b
              • Instruction ID: b919c22a329b21339da1b15ab17e8454e278dc35490913ca1fc68df2218ff393
              • Opcode Fuzzy Hash: 4ea2b813ef483c65fba35cc990d17222b27c2ba4384303260d97183c20f4848b
              • Instruction Fuzzy Hash: 8A91E570A002089FDB18DF68D884B9EFBF2FF45304F20856DE455AB792D771A945CB64
              APIs
              • Concurrency::cancel_current_task.LIBCPMT ref: 00CFA656
              Strings
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000007.00000002.3274540215.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274575639.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274824705.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274869359.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274905099.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274942387.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274981034.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275022694.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275229943.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275270401.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275312396.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275348956.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275461478.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275497870.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275536505.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275572590.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275607149.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275639410.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275681645.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275722413.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275753265.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275795445.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275848326.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276040552.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276079753.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276200291.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276239394.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: Concurrency::cancel_current_task
              • String ID: pected $unexpected
              • API String ID: 118556049-356062554
              • Opcode ID: a488096d346ddb20ad401a233e08d86b5c368dbbab1f4f7ebdf35b9828553d39
              • Instruction ID: 1ceb8bf5441611bbe01fac5b96c64f3fe8856f61cab15076f87b3d81bdb5f8ad
              • Opcode Fuzzy Hash: a488096d346ddb20ad401a233e08d86b5c368dbbab1f4f7ebdf35b9828553d39
              • Instruction Fuzzy Hash: 7D5138B25001049FDB18EF28D884A6EF7A5EF45310F244629F95ACB685EB30ED4587E2
              APIs
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00CF9753
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00CF976C
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00CFA374
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00CFA38D
              Strings
              Memory Dump Source
              • Source File: 00000007.00000002.3274575639.0000000000C81000.00000040.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
              • Associated: 00000007.00000002.3274540215.0000000000C80000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274575639.0000000000DB3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274824705.0000000000DB8000.00000008.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274869359.0000000000DBB000.00000004.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274905099.0000000000DBC000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274942387.0000000000DC6000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3274981034.0000000000DC7000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275022694.0000000000DC8000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275229943.0000000000F20000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275270401.0000000000F22000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275312396.0000000000F3C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275348956.0000000000F3E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F3F000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275382671.0000000000F48000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275461478.0000000000F4C000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275497870.0000000000F54000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275536505.0000000000F5B000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275572590.0000000000F5C000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275607149.0000000000F64000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275639410.0000000000F66000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275681645.0000000000F75000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275722413.0000000000F76000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275753265.0000000000F7E000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275795445.0000000000F8A000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275848326.0000000000FAA000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FAB000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE3000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3275876900.0000000000FE5000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276040552.0000000001012000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276079753.0000000001013000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.0000000001014000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276121343.000000000101A000.00000080.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276200291.0000000001029000.00000040.00000001.01000000.00000004.sdmp
              • Associated: 00000007.00000002.3276239394.000000000102A000.00000080.00000001.01000000.00000004.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_7_2_c80000_MPGPH131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_destroy
              • String ID: value
              • API String ID: 4194217158-494360628
              • Opcode ID: 8d77fc14e33f24f56b2e6da112be02ee6d332f1162637975d1e3335071f6a931
              • Instruction ID: c8449a5f97534e189af6baa8db876fd081fa7f7be96d1479ba0ec7e93def0638
              • Opcode Fuzzy Hash: 8d77fc14e33f24f56b2e6da112be02ee6d332f1162637975d1e3335071f6a931
              • Instruction Fuzzy Hash: 02519EB0D0025C9FDB14DFA8DC88BEEBBB8AF05300F144169E549A7792D7749A48DB62

              Execution Graph

              Execution Coverage: 3.1%
              Dynamic/Decrypted Code Coverage: 0%
              Signature Coverage: 0%
              Total number of Nodes: 661
              Total number of Limit Nodes: 82
              execution_graph 30623 588c58 7 API calls 2 library calls 31449 571050 RtlAllocateHeap RtlAllocateHeap 31518 589f50 5 API calls 4 library calls 31453 58284f 14 API calls 31527 572160 RtlAllocateHeap std::ios_base::_Ios_base_dtor ___std_exception_destroy 31467 571000 RtlAllocateHeap RtlAllocateHeap RtlAllocateHeap std::_Facet_Register 31537 584100 GetPEB RtlAllocateHeap RtlAllocateHeap std::ios_base::_Ios_base_dtor __fread_nolock 30625 587e3e 30768 5e20e0 30625->30768 30627 587e5c 30628 5e20e0 2 API calls 30627->30628 30629 587ed7 30628->30629 30630 5e20e0 2 API calls 30629->30630 30631 587f4f __fread_nolock 30630->30631 30783 572ae0 30631->30783 30633 587fcc __fread_nolock 30634 587ff4 GetUserNameA 30633->30634 30635 588028 30634->30635 30636 572ae0 2 API calls 30635->30636 30640 5885ae std::ios_base::_Ios_base_dtor 30635->30640 30637 58808b 30636->30637 30799 5da480 30637->30799 30639 5880a8 30642 5880d1 std::locale::_Init 30639->30642 30856 5e06c0 2 API calls 4 library calls 30639->30856 30644 572ae0 2 API calls 30640->30644 30645 58987f std::ios_base::_Ios_base_dtor 30640->30645 30804 64e812 30642->30804 30647 588676 30644->30647 30648 572ae0 2 API calls 30645->30648 30654 589c97 std::ios_base::_Ios_base_dtor 30645->30654 30652 5da480 2 API calls 30647->30652 30662 5899c6 30648->30662 30649 588140 30659 58815b GetFileAttributesA 30649->30659 30669 588167 __Mtx_unlock 30649->30669 30650 589dc6 30867 64e4bb 6 API calls std::locale::_Setgloballocale 30650->30867 30651 6547b0 RtlAllocateHeap 30671 589e22 30651->30671 30663 588693 std::locale::_Init 30652->30663 30653 589d9c std::ios_base::_Ios_base_dtor 30654->30651 30654->30653 30656 589dcc 30868 572270 RtlAllocateHeap RtlAllocateHeap __fread_nolock 30656->30868 30658 589dd1 30869 6547b0 30658->30869 30659->30669 30661 589dd6 30664 6547b0 RtlAllocateHeap 30661->30664 30665 589e09 30662->30665 30666 589a3e 30662->30666 30673 64e812 GetSystemTimePreciseAsFileTime 30663->30673 30668 589ddb 30664->30668 
30874 572270 RtlAllocateHeap RtlAllocateHeap __fread_nolock 30665->30874 30675 5e20e0 2 API calls 30666->30675 30667 588573 std::ios_base::_Ios_base_dtor 30667->30640 30667->30668 30674 6547b0 RtlAllocateHeap 30668->30674 30669->30656 30669->30667 30681 5881fa 30669->30681 30672 589e0e 30676 6547b0 RtlAllocateHeap 30672->30676 30678 588721 30673->30678 30677 589de0 30674->30677 30679 589a6a 30675->30679 30680 589c30 30676->30680 30872 64e4bb 6 API calls std::locale::_Setgloballocale 30677->30872 30678->30677 30692 58872c 30678->30692 30683 5da480 2 API calls 30679->30683 30684 6547b0 RtlAllocateHeap 30680->30684 30726 589c5d std::ios_base::_Ios_base_dtor 30680->30726 30687 5e20e0 2 API calls 30681->30687 30686 589a7d 30683->30686 30684->30726 30685 589de6 30688 6547b0 RtlAllocateHeap 30685->30688 30833 5da4f0 30686->30833 30693 588222 30687->30693 30691 589deb 30688->30691 30690 6547b0 RtlAllocateHeap 30690->30654 30873 572270 RtlAllocateHeap RtlAllocateHeap __fread_nolock 30691->30873 30694 58874f GetFileAttributesA 30692->30694 30703 58875b __Mtx_unlock 30692->30703 30696 58824f std::locale::_Init 30693->30696 30857 5e06c0 2 API calls 4 library calls 30693->30857 30694->30703 30707 588775 __Mtx_unlock 30694->30707 30704 5da480 2 API calls 30696->30704 30697 589df0 30700 6547b0 RtlAllocateHeap 30697->30700 30698 589adb std::ios_base::_Ios_base_dtor 30698->30672 30702 589b4d std::ios_base::_Ios_base_dtor 30698->30702 30700->30665 30701 572ae0 2 API calls 30701->30707 30838 655362 30702->30838 30703->30701 30703->30707 30710 58830a std::ios_base::_Ios_base_dtor 30704->30710 30707->30685 30713 5887cd std::ios_base::_Ios_base_dtor 30707->30713 30708 5883e2 std::ios_base::_Ios_base_dtor 30807 5da770 30708->30807 30710->30658 30710->30708 30712 58840c 30824 57a600 30712->30824 30713->30645 30713->30691 30713->30713 30715 5888be 30713->30715 30716 5e20e0 2 API calls 30715->30716 30717 5888e6 30716->30717 30719 58890d std::locale::_Init 30717->30719 30858 5e06c0 2 API 
calls 4 library calls 30717->30858 30718 589ba3 30844 65d168 30718->30844 30725 5da480 2 API calls 30719->30725 30722 588411 30722->30661 30722->30667 30722->30722 30728 5889a7 std::ios_base::_Ios_base_dtor 30725->30728 30726->30654 30726->30690 30727 588a8d std::ios_base::_Ios_base_dtor 30729 5da770 2 API calls 30727->30729 30728->30697 30728->30727 30730 588aba 30729->30730 30731 57a600 5 API calls 30730->30731 30732 588abf 30731->30732 30732->30645 30732->30732 30733 572ae0 2 API calls 30732->30733 30734 588c04 30733->30734 30859 5de530 RtlAllocateHeap RtlAllocateHeap std::locale::_Init 30734->30859 30736 588c90 30737 5da480 2 API calls 30736->30737 30738 588ca2 30737->30738 30739 588d43 std::locale::_Init 30738->30739 30860 5e06c0 2 API calls 4 library calls 30738->30860 30741 5da480 2 API calls 30739->30741 30742 588e17 30741->30742 30743 588eb2 std::locale::_Init 30742->30743 30861 5e06c0 2 API calls 4 library calls 30742->30861 30745 5da480 2 API calls 30743->30745 30746 588f88 std::ios_base::_Ios_base_dtor 30745->30746 30747 5da770 2 API calls 30746->30747 30748 5891fc 30747->30748 30862 585b90 7 API calls 3 library calls 30748->30862 30750 589203 30751 572ae0 2 API calls 30750->30751 30752 589313 30751->30752 30863 5de530 RtlAllocateHeap RtlAllocateHeap std::locale::_Init 30752->30863 30754 589395 30755 5da480 2 API calls 30754->30755 30756 5893a7 30755->30756 30757 58941e std::locale::_Init 30756->30757 30864 5e06c0 2 API calls 4 library calls 30756->30864 30759 5da480 2 API calls 30757->30759 30760 5894bc 30759->30760 30761 589557 std::locale::_Init 30760->30761 30865 5e06c0 2 API calls 4 library calls 30760->30865 30763 5da480 2 API calls 30761->30763 30765 589627 std::ios_base::_Ios_base_dtor 30763->30765 30764 5da770 2 API calls 30766 589878 30764->30766 30765->30764 30866 585b90 7 API calls 3 library calls 30766->30866 30769 5e2112 30768->30769 30772 5e213d std::locale::_Init 30768->30772 30770 5e211f 30769->30770 30773 5e216b 30769->30773 30774 
5e2162 30769->30774 30875 64f290 30770->30875 30772->30627 30773->30772 30777 64f290 std::_Facet_Register 2 API calls 30773->30777 30774->30770 30776 5e21bc 30774->30776 30775 5e2132 30775->30772 30779 6547b0 RtlAllocateHeap 30775->30779 30883 5721d0 RtlAllocateHeap RtlAllocateHeap Concurrency::cancel_current_task ___std_exception_copy 30776->30883 30777->30772 30780 5e21c6 30779->30780 30884 65d7d6 RtlAllocateHeap ___std_exception_destroy 30780->30884 30782 5e21e4 std::ios_base::_Ios_base_dtor 30782->30627 30784 572ba5 30783->30784 30789 572af6 30783->30789 30893 572270 RtlAllocateHeap RtlAllocateHeap __fread_nolock 30784->30893 30785 572b02 std::locale::_Init 30785->30633 30787 572baa 30894 5721d0 RtlAllocateHeap RtlAllocateHeap Concurrency::cancel_current_task ___std_exception_copy 30787->30894 30789->30785 30790 572b65 30789->30790 30792 572b2a 30789->30792 30793 572b6e 30789->30793 30790->30787 30790->30792 30791 64f290 std::_Facet_Register 2 API calls 30794 572b3d 30791->30794 30792->30791 30797 64f290 std::_Facet_Register 2 API calls 30793->30797 30798 572b46 std::locale::_Init 30793->30798 30795 6547b0 RtlAllocateHeap 30794->30795 30794->30798 30796 572bb4 30795->30796 30797->30798 30798->30633 30800 5da490 30799->30800 30800->30800 30803 5da4a7 std::locale::_Init 30800->30803 30895 5e06c0 2 API calls 4 library calls 30800->30895 30802 5da4e2 30802->30639 30803->30639 30896 64e5ec 30804->30896 30806 588135 30806->30649 30806->30650 30808 5da799 30807->30808 30809 5da851 30808->30809 30813 5da7aa 30808->30813 30904 572270 RtlAllocateHeap RtlAllocateHeap __fread_nolock 30809->30904 30811 5da856 30905 5721d0 RtlAllocateHeap RtlAllocateHeap Concurrency::cancel_current_task ___std_exception_copy 30811->30905 30814 5da7b6 std::locale::_Init 30813->30814 30815 5da7db 30813->30815 30817 5da81d 30813->30817 30818 5da814 30813->30818 30814->30712 30819 64f290 std::_Facet_Register 2 API calls 30815->30819 30816 5da7ee 30820 6547b0 RtlAllocateHeap 30816->30820 30823 
5da7f5 std::locale::_Init 30816->30823 30822 64f290 std::_Facet_Register 2 API calls 30817->30822 30817->30823 30818->30811 30818->30815 30819->30816 30821 5da860 30820->30821 30821->30712 30822->30823 30823->30712 30825 57a610 30824->30825 30826 655362 RtlAllocateHeap 30825->30826 30827 57a638 30826->30827 30828 658be8 5 API calls 30827->30828 30830 57a645 30827->30830 30828->30830 30829 57a674 std::ios_base::_Ios_base_dtor 30829->30722 30830->30829 30831 6547b0 RtlAllocateHeap 30830->30831 30832 57a68a 30831->30832 30834 5da504 30833->30834 30837 5da514 std::locale::_Init 30834->30837 30906 5e06c0 2 API calls 4 library calls 30834->30906 30836 5da55a 30836->30698 30837->30698 30907 6552a0 30838->30907 30840 589b91 30840->30726 30841 5840e0 30840->30841 30940 64ec6a 30841->30940 30843 5840eb __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 30843->30718 30845 65d17b __fread_nolock 30844->30845 30947 65cf4a 30845->30947 30847 65d190 30955 6544dc 30847->30955 30850 658be8 30851 658bfb __fread_nolock 30850->30851 30965 658ac3 30851->30965 30853 658c07 30854 6544dc __fread_nolock RtlAllocateHeap 30853->30854 30855 658c13 30854->30855 30855->30680 30856->30642 30857->30696 30858->30719 30859->30736 30860->30739 30861->30743 30862->30750 30863->30754 30864->30757 30865->30761 30866->30645 30868->30658 31102 6546ec RtlAllocateHeap __fread_nolock 30869->31102 30871 6547bf __Getctype 30873->30697 30874->30672 30877 64f295 std::_Facet_Register 30875->30877 30878 64f2af 30877->30878 30880 5721d0 Concurrency::cancel_current_task 30877->30880 30885 65df2c 30877->30885 30878->30775 30879 64f2bb 30879->30879 30880->30879 30891 650651 RtlAllocateHeap RtlAllocateHeap ___std_exception_destroy ___std_exception_copy 30880->30891 30882 572213 30882->30775 30883->30775 30884->30782 30890 666e2d __Getctype std::_Facet_Register 30885->30890 30886 666e6b 30892 65d23f RtlAllocateHeap __dosmaperr 30886->30892 30887 666e56 RtlAllocateHeap 30889 666e69 30887->30889 30887->30890 30889->30877 
30890->30886 30890->30887 30891->30882 30892->30889 30893->30787 30894->30794 30895->30802 30897 64e64e 30896->30897 30899 64e614 _ValidateLocalCookies 30896->30899 30897->30899 30902 64ec91 GetSystemTimePreciseAsFileTime __aulldiv __aullrem __Xtime_get_ticks 30897->30902 30899->30806 30900 64e6a4 __Xtime_diff_to_millis2 30900->30899 30903 64ec91 GetSystemTimePreciseAsFileTime __aulldiv __aullrem __Xtime_get_ticks 30900->30903 30902->30900 30903->30900 30904->30811 30905->30816 30906->30836 30908 6552ac __fread_nolock 30907->30908 30909 6552b3 30908->30909 30912 6552d3 30908->30912 30925 65d23f RtlAllocateHeap __dosmaperr 30909->30925 30911 6552b8 30926 6547a0 RtlAllocateHeap __fread_nolock 30911->30926 30914 6552e5 30912->30914 30915 6552d8 30912->30915 30921 666688 30914->30921 30927 65d23f RtlAllocateHeap __dosmaperr 30915->30927 30918 6552ee 30920 6552c3 30918->30920 30928 65d23f RtlAllocateHeap __dosmaperr 30918->30928 30920->30840 30922 666694 __fread_nolock std::_Lockit::_Lockit 30921->30922 30929 66672c 30922->30929 30924 6666af 30924->30918 30925->30911 30926->30920 30927->30920 30928->30920 30933 66674f __fread_nolock 30929->30933 30931 6667b0 30939 666db3 RtlAllocateHeap __dosmaperr 30931->30939 30933->30933 30934 666795 __fread_nolock 30933->30934 30935 6663f3 30933->30935 30934->30924 30938 666400 __Getctype std::_Facet_Register 30935->30938 30936 66642b RtlAllocateHeap 30937 66643e __dosmaperr 30936->30937 30936->30938 30937->30931 30938->30936 30938->30937 30939->30934 30943 64f26a 30940->30943 30944 64f27b GetSystemTimePreciseAsFileTime 30943->30944 30946 64ec78 30943->30946 30944->30946 30946->30843 30948 65cf80 30947->30948 30949 65cf58 30947->30949 30948->30847 30949->30948 30950 65cf65 30949->30950 30951 65cf87 30949->30951 30961 654723 RtlAllocateHeap __fread_nolock __Getctype 30950->30961 30962 65cea3 SetFilePointerEx WriteFile RtlAllocateHeap RtlAllocateHeap __fread_nolock 30951->30962 30954 65cfbf 30954->30847 30956 6544e8 30955->30956 30957 
6544ff 30956->30957 30963 654587 RtlAllocateHeap __fread_nolock __Getctype 30956->30963 30958 589c2a 30957->30958 30964 654587 RtlAllocateHeap __fread_nolock __Getctype 30957->30964 30958->30850 30961->30948 30962->30954 30963->30957 30964->30958 30966 658acf __fread_nolock 30965->30966 30967 658ad9 30966->30967 30969 658afc __fread_nolock 30966->30969 30986 654723 RtlAllocateHeap __fread_nolock __Getctype 30967->30986 30971 658af4 30969->30971 30972 658b5a 30969->30972 30971->30853 30973 658b67 30972->30973 30974 658b8a 30972->30974 31011 654723 RtlAllocateHeap __fread_nolock __Getctype 30973->31011 30976 658b82 30974->30976 30987 6555d3 30974->30987 30976->30971 30982 658bb6 31004 664a3f 30982->31004 30986->30971 30988 655613 30987->30988 30989 6555ec 30987->30989 30993 666ded 30988->30993 30989->30988 30990 665f82 __fread_nolock RtlAllocateHeap 30989->30990 30991 655608 30990->30991 31013 66538b 30991->31013 30994 666e04 30993->30994 30995 658baa 30993->30995 30994->30995 31081 666db3 RtlAllocateHeap __dosmaperr 30994->31081 30997 665f82 30995->30997 30998 665fa3 30997->30998 30999 665f8e 30997->30999 30998->30982 31082 65d23f RtlAllocateHeap __dosmaperr 30999->31082 31001 665f93 31083 6547a0 RtlAllocateHeap __fread_nolock 31001->31083 31003 665f9e 31003->30982 31005 664a68 31004->31005 31010 658bbd 31004->31010 31006 664ab7 31005->31006 31008 664a8f 31005->31008 31088 654723 RtlAllocateHeap __fread_nolock __Getctype 31006->31088 31084 6649ae 31008->31084 31010->30976 31012 666db3 RtlAllocateHeap __dosmaperr 31010->31012 31011->30976 31012->30976 31014 665397 __fread_nolock 31013->31014 31015 6653d8 31014->31015 31017 66541e 31014->31017 31019 66539f 31014->31019 31034 654723 RtlAllocateHeap __fread_nolock __Getctype 31015->31034 31017->31019 31020 66549c 31017->31020 31019->30988 31021 6654c4 31020->31021 31033 6654e7 __fread_nolock 31020->31033 31022 6654c8 31021->31022 31024 665523 31021->31024 31040 654723 RtlAllocateHeap __fread_nolock __Getctype 
31022->31040 31025 665541 31024->31025 31041 65e17d 31024->31041 31035 664fe1 31025->31035 31029 6655a0 31031 665609 WriteFile 31029->31031 31029->31033 31030 665559 31030->31033 31044 664bb2 RtlAllocateHeap RtlAllocateHeap std::locale::_Init std::_Locinfo::_Locinfo_dtor _ValidateLocalCookies 31030->31044 31031->31033 31033->31019 31034->31019 31045 670d44 31035->31045 31037 664ff3 31039 665021 31037->31039 31054 659d10 RtlAllocateHeap RtlAllocateHeap __fread_nolock std::_Locinfo::_Locinfo_dtor 31037->31054 31039->31029 31039->31030 31040->31033 31058 65e05c 31041->31058 31043 65e196 31043->31025 31044->31033 31046 670d51 31045->31046 31047 670d5e 31045->31047 31055 65d23f RtlAllocateHeap __dosmaperr 31046->31055 31050 670d6a 31047->31050 31056 65d23f RtlAllocateHeap __dosmaperr 31047->31056 31049 670d56 31049->31037 31050->31037 31052 670d8b 31057 6547a0 RtlAllocateHeap __fread_nolock 31052->31057 31054->31039 31055->31049 31056->31052 31057->31049 31063 66a6de 31058->31063 31060 65e06e 31061 65e08a SetFilePointerEx 31060->31061 31062 65e076 __fread_nolock 31060->31062 31061->31062 31062->31043 31064 66a6eb 31063->31064 31066 66a700 31063->31066 31076 65d22c RtlAllocateHeap __dosmaperr 31064->31076 31070 66a725 31066->31070 31078 65d22c RtlAllocateHeap __dosmaperr 31066->31078 31067 66a6f0 31077 65d23f RtlAllocateHeap __dosmaperr 31067->31077 31070->31060 31071 66a730 31079 65d23f RtlAllocateHeap __dosmaperr 31071->31079 31072 66a6f8 31072->31060 31074 66a738 31080 6547a0 RtlAllocateHeap __fread_nolock 31074->31080 31076->31067 31077->31072 31078->31071 31079->31074 31080->31072 31081->30995 31082->31001 31083->31003 31085 6649ba __fread_nolock 31084->31085 31087 6649f9 31085->31087 31089 664b12 31085->31089 31087->31010 31088->31010 31090 66a6de __fread_nolock RtlAllocateHeap 31089->31090 31093 664b22 31090->31093 31091 664b28 31101 66a64d RtlAllocateHeap __dosmaperr 31091->31101 31093->31091 31094 664b5a 31093->31094 31096 66a6de __fread_nolock RtlAllocateHeap 
31093->31096 31094->31091 31095 66a6de __fread_nolock RtlAllocateHeap 31094->31095 31098 664b66 FindCloseChangeNotification 31095->31098 31097 664b51 31096->31097 31099 66a6de __fread_nolock RtlAllocateHeap 31097->31099 31098->31091 31099->31094 31100 664b80 __fread_nolock 31100->31087 31101->31100 31102->30871 31475 57c430 22 API calls __fread_nolock 31540 57af30 4 API calls 2 library calls 31543 57972e 9 API calls std::ios_base::_Ios_base_dtor 31553 584dc9 11 API calls 31559 5803fa 16 API calls 2 library calls 31492 5848e0 16 API calls 31494 585498 GetPEB GetPEB GetPEB GetPEB GetPEB 31572 575f90 6 API calls std::ios_base::_Ios_base_dtor 31103 57a090 31104 64f290 std::_Facet_Register 2 API calls 31103->31104 31105 57a0c8 31104->31105 31106 572ae0 2 API calls 31105->31106 31107 57a10b 31106->31107 31108 655362 RtlAllocateHeap 31107->31108 31109 57a157 31108->31109 31110 57a1c1 31109->31110 31111 659136 4 API calls 31109->31111 31112 57a1ea std::ios_base::_Ios_base_dtor 31110->31112 31116 6547b0 RtlAllocateHeap 31110->31116 31113 57a16a 31111->31113 31114 654eeb 2 API calls 31113->31114 31115 57a170 31114->31115 31117 659136 4 API calls 31115->31117 31118 57a20c 31116->31118 31119 57a17c 31117->31119 31120 64f290 std::_Facet_Register 2 API calls 31118->31120 31122 5dcf60 2 API calls 31119->31122 31124 57a18b 31119->31124 31121 57a248 31120->31121 31123 572ae0 2 API calls 31121->31123 31122->31124 31126 57a28b 31123->31126 31125 65dbdf __fread_nolock 4 API calls 31124->31125 31127 57a1bb 31125->31127 31128 655362 RtlAllocateHeap 31126->31128 31129 658be8 5 API calls 31127->31129 31130 57a2d7 31128->31130 31129->31110 31135 57a34e 31130->31135 31157 659136 31130->31157 31132 57a377 std::ios_base::_Ios_base_dtor 31135->31132 31136 6547b0 RtlAllocateHeap 31135->31136 31140 57a399 31136->31140 31138 659136 4 API calls 31139 57a2fc 31138->31139 31144 57a318 31139->31144 31169 5dcf60 31139->31169 31142 655362 RtlAllocateHeap 31140->31142 31143 57a3d8 31142->31143 31147 
659136 4 API calls 31143->31147 31150 57a3f9 31143->31150 31174 65dbdf 31144->31174 31145 57a423 std::ios_base::_Ios_base_dtor 31149 57a3eb 31147->31149 31152 654eeb 2 API calls 31149->31152 31150->31145 31153 6547b0 RtlAllocateHeap 31150->31153 31151 658be8 5 API calls 31151->31135 31154 57a3f1 31152->31154 31155 57a439 31153->31155 31156 658be8 5 API calls 31154->31156 31156->31150 31158 659149 __fread_nolock 31157->31158 31177 658e8d 31158->31177 31160 65915e 31161 6544dc __fread_nolock RtlAllocateHeap 31160->31161 31162 57a2ea 31161->31162 31163 654eeb 31162->31163 31164 654efe __fread_nolock 31163->31164 31199 654801 31164->31199 31166 654f0a 31167 6544dc __fread_nolock RtlAllocateHeap 31166->31167 31168 57a2f0 31167->31168 31168->31138 31170 5dcfa7 31169->31170 31173 5dcf78 __fread_nolock 31169->31173 31237 5e0560 31170->31237 31172 5dcfba 31172->31144 31173->31144 31254 65dbfc 31174->31254 31176 57a348 31176->31151 31178 658e99 __fread_nolock 31177->31178 31179 658e9f 31178->31179 31181 658ee2 __fread_nolock 31178->31181 31193 654723 RtlAllocateHeap __fread_nolock __Getctype 31179->31193 31184 659010 31181->31184 31183 658eba 31183->31160 31185 659036 31184->31185 31186 659023 31184->31186 31194 658f37 31185->31194 31186->31183 31188 6590e7 31188->31183 31189 659059 31189->31188 31190 6555d3 4 API calls 31189->31190 31192 659087 31190->31192 31191 65e17d 2 API calls 31191->31188 31192->31191 31193->31183 31195 658f48 31194->31195 31196 658fa0 31194->31196 31195->31196 31198 65e13d SetFilePointerEx RtlAllocateHeap __fread_nolock 31195->31198 31196->31189 31198->31196 31200 65480d __fread_nolock 31199->31200 31201 654835 __fread_nolock 31200->31201 31202 654814 31200->31202 31206 654910 31201->31206 31209 654723 RtlAllocateHeap __fread_nolock __Getctype 31202->31209 31205 65482d 31205->31166 31210 654942 31206->31210 31208 654922 31208->31205 31209->31205 31211 654951 31210->31211 31212 654979 31210->31212 31226 654723 RtlAllocateHeap __fread_nolock __Getctype 
31211->31226 31214 665f82 __fread_nolock RtlAllocateHeap 31212->31214 31215 654982 31214->31215 31223 65e11f 31215->31223 31218 654a2c 31227 654cae SetFilePointerEx RtlAllocateHeap __fread_nolock __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z _ValidateLocalCookies 31218->31227 31220 654a43 31222 65496c __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 31220->31222 31228 654ae3 SetFilePointerEx RtlAllocateHeap __fread_nolock __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 31220->31228 31222->31208 31229 65df37 31223->31229 31225 6549a0 31225->31218 31225->31220 31225->31222 31226->31222 31227->31222 31228->31222 31232 65df43 __fread_nolock 31229->31232 31230 65df4b 31230->31225 31231 65df86 31236 654723 RtlAllocateHeap __fread_nolock __Getctype 31231->31236 31232->31230 31232->31231 31234 65dfcc 31232->31234 31234->31230 31235 65e05c __fread_nolock 2 API calls 31234->31235 31235->31230 31236->31230 31238 5e06a9 31237->31238 31242 5e0585 31237->31242 31252 572270 RtlAllocateHeap RtlAllocateHeap __fread_nolock 31238->31252 31240 5e06ae 31253 5721d0 RtlAllocateHeap RtlAllocateHeap Concurrency::cancel_current_task ___std_exception_copy 31240->31253 31244 5e05e3 31242->31244 31245 5e05f0 31242->31245 31247 5e059a 31242->31247 31243 64f290 std::_Facet_Register 2 API calls 31250 5e05aa __fread_nolock std::locale::_Init 31243->31250 31244->31240 31244->31247 31249 64f290 std::_Facet_Register 2 API calls 31245->31249 31245->31250 31246 6547b0 RtlAllocateHeap 31248 5e06b8 31246->31248 31247->31243 31249->31250 31250->31246 31251 5e0667 std::ios_base::_Ios_base_dtor __fread_nolock std::locale::_Init 31250->31251 31251->31172 31252->31240 31253->31250 31256 65dc08 __fread_nolock 31254->31256 31255 65dc40 __fread_nolock 31255->31176 31256->31255 31257 65dc52 __fread_nolock 31256->31257 31258 65dc1b __fread_nolock 31256->31258 31263 65da06 31257->31263 31276 65d23f RtlAllocateHeap __dosmaperr 31258->31276 31261 65dc35 31277 6547a0 RtlAllocateHeap __fread_nolock 31261->31277 31267 65da18 
__fread_nolock 31263->31267 31269 65da35 31263->31269 31264 65da25 31337 65d23f RtlAllocateHeap __dosmaperr 31264->31337 31266 65da2a 31338 6547a0 RtlAllocateHeap __fread_nolock 31266->31338 31267->31264 31267->31269 31271 65da76 __fread_nolock 31267->31271 31269->31255 31270 65dba1 __fread_nolock 31340 65d23f RtlAllocateHeap __dosmaperr 31270->31340 31271->31269 31271->31270 31273 665f82 __fread_nolock RtlAllocateHeap 31271->31273 31278 664623 31271->31278 31339 658a2b RtlAllocateHeap __fread_nolock __dosmaperr std::locale::_Init 31271->31339 31273->31271 31276->31261 31277->31255 31279 664635 31278->31279 31280 66464d 31278->31280 31341 65d22c RtlAllocateHeap __dosmaperr 31279->31341 31282 66498f 31280->31282 31286 664690 31280->31286 31360 65d22c RtlAllocateHeap __dosmaperr 31282->31360 31283 66463a 31342 65d23f RtlAllocateHeap __dosmaperr 31283->31342 31289 66469b 31286->31289 31291 664642 31286->31291 31296 6646cb 31286->31296 31287 664994 31361 65d23f RtlAllocateHeap __dosmaperr 31287->31361 31343 65d22c RtlAllocateHeap __dosmaperr 31289->31343 31290 6646a8 31362 6547a0 RtlAllocateHeap __fread_nolock 31290->31362 31291->31271 31293 6646a0 31344 65d23f RtlAllocateHeap __dosmaperr 31293->31344 31297 6646e4 31296->31297 31298 6646f1 31296->31298 31299 66471f 31296->31299 31297->31298 31303 66470d 31297->31303 31345 65d22c RtlAllocateHeap __dosmaperr 31298->31345 31348 666e2d RtlAllocateHeap RtlAllocateHeap __dosmaperr __Getctype std::_Facet_Register 31299->31348 31302 6646f6 31346 65d23f RtlAllocateHeap __dosmaperr 31302->31346 31306 670d44 __fread_nolock RtlAllocateHeap 31303->31306 31304 664730 31349 666db3 RtlAllocateHeap __dosmaperr 31304->31349 31320 66486b 31306->31320 31308 6646fd 31347 6547a0 RtlAllocateHeap __fread_nolock 31308->31347 31309 664739 31350 666db3 RtlAllocateHeap __dosmaperr 31309->31350 31311 6648e3 ReadFile 31313 664957 31311->31313 31314 6648fb 31311->31314 31324 664964 31313->31324 31325 6648b5 31313->31325 31314->31313 31316 6648d4 
31314->31316 31315 664740 31317 664765 31315->31317 31318 66474a 31315->31318 31328 664937 31316->31328 31329 664920 31316->31329 31336 664708 __fread_nolock 31316->31336 31353 65e13d SetFilePointerEx RtlAllocateHeap __fread_nolock 31317->31353 31351 65d23f RtlAllocateHeap __dosmaperr 31318->31351 31320->31311 31323 66489b 31320->31323 31323->31316 31323->31325 31358 65d23f RtlAllocateHeap __dosmaperr 31324->31358 31325->31336 31354 65d1e5 RtlAllocateHeap __dosmaperr 31325->31354 31326 66474f 31352 65d22c RtlAllocateHeap __dosmaperr 31326->31352 31328->31336 31357 66417b SetFilePointerEx RtlAllocateHeap __fread_nolock 31328->31357 31356 664335 SetFilePointerEx RtlAllocateHeap __fread_nolock __dosmaperr 31329->31356 31331 664969 31359 65d22c RtlAllocateHeap __dosmaperr 31331->31359 31355 666db3 RtlAllocateHeap __dosmaperr 31336->31355 31337->31266 31338->31269 31339->31271 31340->31266 31341->31283 31342->31291 31343->31293 31344->31290 31345->31302 31346->31308 31347->31336 31348->31304 31349->31309 31350->31315 31351->31326 31352->31336 31353->31303 31354->31336 31355->31291 31356->31336 31357->31336 31358->31331 31359->31336 31360->31287 31361->31290 31362->31291 31363 57a690 31364 64e812 GetSystemTimePreciseAsFileTime 31363->31364 31365 57a6a2 31364->31365 31366 57a6fe 31365->31366 31368 57a6a9 31365->31368 31377 64e4bb 6 API calls std::locale::_Setgloballocale 31366->31377 31372 57a6bd GetFileAttributesA 31368->31372 31373 57a6c9 __Mtx_unlock 31368->31373 31372->31373 31499 584490 RegOpenKeyExA RegOpenKeyExA RtlAllocateHeap RtlAllocateHeap std::ios_base::_Ios_base_dtor 31504 58f880 Sleep RtlAllocateHeap RtlAllocateHeap 31579 5857b8 GetPEB GetPEB 31511 57d892 20 API calls __fread_nolock 31378 57b6a0 31383 57b6fe __Getctype 31378->31383 31379 57b80c std::ios_base::_Ios_base_dtor 31380 57b7e1 31380->31379 31381 6547b0 RtlAllocateHeap 31380->31381 31384 57b82c 31381->31384 31383->31380 31387 57b7d2 31383->31387 31391 57b7d8 31383->31391 31431 5da350 2 API calls 4 
library calls 31383->31431 31385 572ae0 2 API calls 31384->31385 31386 57b8d9 RegOpenKeyExA 31385->31386 31390 57b954 RegQueryValueExA 31386->31390 31395 57b9dc 31386->31395 31432 65d7d6 RtlAllocateHeap ___std_exception_destroy 31387->31432 31394 57b9b3 31390->31394 31390->31395 31433 65d7d6 RtlAllocateHeap ___std_exception_destroy 31391->31433 31434 5da350 2 API calls 4 library calls 31394->31434 31395->31395 31396 572ae0 2 API calls 31395->31396 31397 57ba59 __fread_nolock 31396->31397 31399 57ba6d GetCurrentHwProfileA 31397->31399 31400 57ba81 31399->31400 31401 57baac 31399->31401 31435 5da350 2 API calls 4 library calls 31400->31435 31402 57bab4 SetupDiGetClassDevsA 31401->31402 31404 57bb0d 31402->31404 31407 57badb 31402->31407 31436 57b1a0 9 API calls ___std_exception_copy 31404->31436 31406 57bb1b 31406->31407 31408 57c141 31407->31408 31409 57bb5e 31407->31409 31440 572270 RtlAllocateHeap RtlAllocateHeap __fread_nolock 31408->31440 31411 5e20e0 2 API calls 31409->31411 31414 57bb89 31411->31414 31412 57c146 31413 6547b0 RtlAllocateHeap 31412->31413 31430 57c065 std::ios_base::_Ios_base_dtor 31413->31430 31416 57bbbc std::locale::_Init 31414->31416 31437 5e06c0 2 API calls 4 library calls 31414->31437 31415 6547b0 RtlAllocateHeap 31418 57c150 31415->31418 31419 5da480 2 API calls 31416->31419 31420 57bc62 31419->31420 31438 5e1ed0 RtlAllocateHeap RtlAllocateHeap Concurrency::cancel_current_task std::locale::_Init std::_Facet_Register 31420->31438 31422 57bcb5 31423 5da480 2 API calls 31422->31423 31424 57bcc8 31423->31424 31439 5e1ed0 RtlAllocateHeap RtlAllocateHeap Concurrency::cancel_current_task std::locale::_Init std::_Facet_Register 31424->31439 31426 57bd2c std::ios_base::_Ios_base_dtor 31426->31412 31427 57bf0a std::ios_base::_Ios_base_dtor std::locale::_Init 31426->31427 31428 572ae0 2 API calls 31427->31428 31428->31430 31429 57c124 std::ios_base::_Ios_base_dtor 31430->31415 31430->31429 31431->31387 31432->31391 31433->31380 31434->31395 
31435->31401 31436->31406 31437->31416 31438->31422 31439->31426 31440->31412 31441 58e0a0 WSAStartup 31442 58e0d8 31441->31442 31446 58e1a7 31441->31446 31443 58e175 socket 31442->31443 31442->31446 31444 58e18b connect 31443->31444 31443->31446 31445 58e19d closesocket 31444->31445 31444->31446 31445->31443 31445->31446 31516 58c0a0 14 API calls std::_Facet_Register 31517 583aa0 18 API calls 2 library calls
              APIs
              • GetUserNameA.ADVAPI32(?,00000104,?,?,?), ref: 00588006
              • GetFileAttributesA.KERNELBASE(?,00000001,?,?,?,?), ref: 0058815D
              • __Mtx_unlock.LIBCPMT ref: 00588186
              • __Mtx_unlock.LIBCPMT ref: 00588195
              • GetFileAttributesA.KERNELBASE(?,?,0000005C,00000000,00000001), ref: 00588751
              • __Mtx_unlock.LIBCPMT ref: 0058877A
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              • Associated: 00000008.00000002.3273933375.0000000000570000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274002949.00000000006A3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274200285.00000000006A8000.00000008.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274233621.00000000006AB000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274263488.00000000006AC000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274295748.00000000006B6000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274325253.00000000006B7000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274363388.00000000006B8000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274595752.0000000000810000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274651675.0000000000812000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274697776.000000000082C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274727274.000000000082E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.000000000082F000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.0000000000838000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274831437.000000000083C000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274871919.0000000000844000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274914274.000000000084B000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274955028.000000000084C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275002848.0000000000854000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275039466.0000000000856000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275070774.0000000000865000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275107825.0000000000866000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275139356.000000000086E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275173148.000000000087A000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275223517.000000000089A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.000000000089B000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D5000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275404756.0000000000902000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275448792.0000000000903000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.0000000000904000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.000000000090A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275561073.0000000000919000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275599085.000000000091A000.00000080.00000001.01000000.00000005.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: Mtx_unlock$AttributesFile$NameUser
              • String ID: $*`'$$*`'$$*tk$'[_+$'[_+$(ACL$*$+$+wj'$.$.$131$@@MC$DH][$IMG$OFMM$P?Y$Q>5$RM[#$\$\$agnd$bqZP$e`vf$e`vf$ec`v$rnql${~RL
              • API String ID: 1275484822-2283491884
              • Opcode ID: 8583292f6d5933e6260071c9a1539fab81e25ba2feda32e9d92ae74e9d442bef
              • Instruction ID: 95d2103b8ffcb225db9f035027d027de0789bfc52ee2d8d1ee881b726b8cbb8e
              • Opcode Fuzzy Hash: 8583292f6d5933e6260071c9a1539fab81e25ba2feda32e9d92ae74e9d442bef
              • Instruction Fuzzy Hash: 62235B709002598FDB28DF68C888BEDBBB5FF45304F5481EDD809AB282E7719A85CF55

              Control-flow Graph

              control_flow_graph 585 57b6a0-57b6fc 586 57b704-57b72d 585->586 587 57b6fe-57b701 585->587 589 57b7e5-57b7ec 586->589 590 57b733-57b743 call 6550b2 586->590 587->586 592 57b816-57b826 589->592 593 57b7ee-57b7fa 589->593 599 57b7e4 590->599 600 57b749-57b75d 590->600 595 57b80c-57b813 call 64f511 593->595 596 57b7fc-57b80a 593->596 595->592 596->595 597 57b827-57b863 call 6547b0 call 57a440 596->597 610 57b865 597->610 611 57b86a-57b87e 597->611 599->589 606 57b75f-57b78c 600->606 607 57b7db-57b7e1 call 65d7d6 600->607 606->607 615 57b78e-57b79e call 6550b2 606->615 607->599 610->611 614 57b880-57b88b 611->614 614->614 616 57b88d-57b8bd 614->616 615->607 621 57b7a0-57b7b9 615->621 618 57b8c0-57b8c5 616->618 618->618 620 57b8c7-57b921 call 572ae0 618->620 625 57b925-57b930 620->625 626 57b7d2-57b7d8 call 65d7d6 621->626 627 57b7bb-57b7bd 621->627 625->625 628 57b932-57b94e RegOpenKeyExA 625->628 626->607 629 57b7c0-57b7c5 627->629 631 57b9e5-57b9f9 628->631 632 57b954-57b97d 628->632 629->629 633 57b7c7-57b7cd call 5da350 629->633 637 57ba00-57ba0b 631->637 635 57b980-57b98b 632->635 633->626 635->635 638 57b98d-57b9b1 RegQueryValueExA 635->638 637->637 639 57ba0d-57ba3d 637->639 640 57b9b3-57b9bc 638->640 641 57b9dc-57b9df 638->641 642 57ba40-57ba45 639->642 644 57b9c0-57b9c5 640->644 641->631 642->642 643 57ba47-57ba7f call 572ae0 call 6514f0 GetCurrentHwProfileA 642->643 651 57ba81-57ba8a 643->651 652 57baac-57bad9 call 57b360 SetupDiGetClassDevsA 643->652 644->644 646 57b9c7-57b9d7 call 5da350 644->646 646->641 653 57ba90-57ba95 651->653 658 57bb0d-57bb1b call 57b1a0 652->658 659 57badb-57bb0b 652->659 653->653 655 57ba97-57baa7 call 5da350 653->655 655->652 660 57bb1e-57bb3c 658->660 659->660 662 57bb40-57bb45 660->662 662->662 664 57bb47-57bb58 662->664 665 57c141 call 572270 664->665 666 57bb5e-57bb6b 664->666 671 57c146 call 6547b0 665->671 667 57bb73-57bb9a call 5e20e0 666->667 668 57bb6d 666->668 675 57bba2-57bbba 667->675 676 57bb9c 667->676 
668->667 674 57c14b-57c167 call 6547b0 671->674 685 57c182-57c185 674->685 686 57c169-57c16b 674->686 678 57bbf3-57bc08 call 5e06c0 675->678 679 57bbbc-57bbce 675->679 676->675 688 57bc0a-57bd39 call 5da480 call 5e1ed0 call 5da480 call 5e1ed0 678->688 682 57bbd6-57bbf1 call 650f70 679->682 683 57bbd0 679->683 682->688 683->682 689 57c170-57c17c 686->689 700 57bd3b-57bd4a 688->700 701 57bd6a-57bd77 688->701 689->689 692 57c17e 689->692 692->685 704 57bd60-57bd67 call 64f511 700->704 705 57bd4c-57bd5a 700->705 702 57bd79-57bd88 701->702 703 57bda8-57bdcd 701->703 706 57bd9e-57bda5 call 64f511 702->706 707 57bd8a-57bd98 702->707 708 57bdcf-57bddb 703->708 709 57bdfb-57be05 703->709 704->701 705->671 705->704 706->703 707->671 707->706 712 57bdf1-57bdf8 call 64f511 708->712 713 57bddd-57bdeb 708->713 714 57be07-57be13 709->714 715 57be33-57be52 709->715 712->709 713->671 713->712 721 57be15-57be23 714->721 722 57be29-57be30 call 64f511 714->722 717 57be54-57be63 715->717 718 57be83-57beab 715->718 724 57be65-57be73 717->724 725 57be79-57be80 call 64f511 717->725 726 57bead-57bebc 718->726 727 57bedc-57bee6 718->727 721->671 721->722 722->715 724->671 724->725 725->718 731 57bed2-57bed9 call 64f511 726->731 732 57bebe-57becc 726->732 733 57bf14-57bf9b 727->733 734 57bee8-57bef4 727->734 731->727 732->671 732->731 737 57bfa6-57bfab 733->737 738 57bf9d-57bfa3 733->738 735 57bef6-57bf04 734->735 736 57bf0a-57bf11 call 64f511 734->736 735->671 735->736 736->733 742 57bfd6-57bfd8 737->742 743 57bfad 737->743 738->737 747 57c000 742->747 748 57bfda-57bffe call 650f70 742->748 746 57bfb2-57bfce call 5f5b20 743->746 756 57bfd0 746->756 749 57c00a-57c01d call 5f5980 747->749 748->749 757 57c030-57c04f 749->757 758 57c01f-57c02f 749->758 756->742 759 57c050-57c055 757->759 758->757 759->759 760 57c057-57c06e call 572ae0 759->760 763 57c070-57c07f 760->763 764 57c09f-57c0c3 760->764 767 57c095-57c09c call 64f511 763->767 768 57c081-57c08f 763->768 765 57c0c5-57c0d6 764->765 766 
57c0f8-57c101 764->766 769 57c0ee-57c0f5 call 64f511 765->769 770 57c0d8-57c0e9 765->770 771 57c103-57c112 766->771 772 57c12e-57c140 766->772 767->764 768->674 768->767 769->766 770->674 774 57c0eb 770->774 776 57c124-57c12b call 64f511 771->776 777 57c114-57c122 771->777 774->769 776->772 777->674 777->776
              APIs
              • RegOpenKeyExA.KERNELBASE(80000002,A3B0BAA7,00000000,00020019,00000000,999D9BA1,999D9BA2), ref: 0057B947
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              • Associated: 00000008.00000002.3273933375.0000000000570000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274002949.00000000006A3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274200285.00000000006A8000.00000008.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274233621.00000000006AB000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274263488.00000000006AC000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274295748.00000000006B6000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274325253.00000000006B7000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274363388.00000000006B8000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274595752.0000000000810000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274651675.0000000000812000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274697776.000000000082C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274727274.000000000082E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.000000000082F000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.0000000000838000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274831437.000000000083C000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274871919.0000000000844000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274914274.000000000084B000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274955028.000000000084C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275002848.0000000000854000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275039466.0000000000856000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275070774.0000000000865000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275107825.0000000000866000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275139356.000000000086E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275173148.000000000087A000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275223517.000000000089A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.000000000089B000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D5000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275404756.0000000000902000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275448792.0000000000903000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.0000000000904000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.000000000090A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275561073.0000000000919000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275599085.000000000091A000.00000080.00000001.01000000.00000005.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: Open
              • String ID: :$_$_$_$`yk$bqZD$cj|n$rnql
              • API String ID: 71445658-3798079816
              • Opcode ID: 7fcbc96d0020277a09ec60512c0c9c5874136dd226c36916e357707874f1cc21
              • Instruction ID: 5b83f16a9fde6f14a4c7bcf0027ff57c121dfac028a3902a9a3e58c0f7c22bcc
              • Opcode Fuzzy Hash: 7fcbc96d0020277a09ec60512c0c9c5874136dd226c36916e357707874f1cc21
              • Instruction Fuzzy Hash: 91729E70D002599FEB18CF68DC84BEEBFB6BF45304F1481ADE409A7282D7759A85CB51

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1328 58e0a0-58e0d2 WSAStartup 1329 58e0d8-58e102 call 576bd0 * 2 1328->1329 1330 58e1b7-58e1c0 1328->1330 1335 58e10e-58e165 1329->1335 1336 58e104-58e108 1329->1336 1338 58e1b1 1335->1338 1339 58e167-58e16d 1335->1339 1336->1330 1336->1335 1338->1330 1340 58e16f 1339->1340 1341 58e1c5-58e1cf 1339->1341 1342 58e175-58e189 socket 1340->1342 1341->1338 1347 58e1d1-58e1d9 1341->1347 1342->1338 1344 58e18b-58e19b connect 1342->1344 1345 58e19d-58e1a5 closesocket 1344->1345 1346 58e1c1 1344->1346 1345->1342 1348 58e1a7-58e1ab 1345->1348 1346->1341 1348->1338
              APIs
              • WSAStartup.WS2_32 ref: 0058E0CB
              • socket.WS2_32(?,?,?,?,?,?,`},?,?,?,?,?,?), ref: 0058E17F
              • connect.WS2_32(00000000,?,00000000,?,?,?,`},?,?,?,?,?,?), ref: 0058E193
              • closesocket.WS2_32(00000000), ref: 0058E19E
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              • Associated: 00000008.00000002.3273933375.0000000000570000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274002949.00000000006A3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274200285.00000000006A8000.00000008.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274233621.00000000006AB000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274263488.00000000006AC000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274295748.00000000006B6000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274325253.00000000006B7000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274363388.00000000006B8000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274595752.0000000000810000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274651675.0000000000812000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274697776.000000000082C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274727274.000000000082E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.000000000082F000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.0000000000838000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274831437.000000000083C000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274871919.0000000000844000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274914274.000000000084B000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274955028.000000000084C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275002848.0000000000854000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275039466.0000000000856000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275070774.0000000000865000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275107825.0000000000866000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275139356.000000000086E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275173148.000000000087A000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275223517.000000000089A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.000000000089B000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D5000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275404756.0000000000902000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275448792.0000000000903000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.0000000000904000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.000000000090A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275561073.0000000000919000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275599085.000000000091A000.00000080.00000001.01000000.00000005.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: Startupclosesocketconnectsocket
              • String ID: `}
              • API String ID: 3098855095-2994082506
              • Opcode ID: 22060e4916f58de1e10587e461ded564ed503448b627f1ca8e26c938f7d6f618
              • Instruction ID: bff100cc3badc5ec4ecc58a476e4b6ede7645b2044d56535c9777a9c32897fbf
              • Opcode Fuzzy Hash: 22060e4916f58de1e10587e461ded564ed503448b627f1ca8e26c938f7d6f618
              • Instruction Fuzzy Hash: 743181716043116BD721AF259C8AB2BBBE4FBC5724F015F1DFDA8A62E0D37598048B92

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1349 64f290-64f293 1350 64f2a2-64f2a5 call 65df2c 1349->1350 1352 64f2aa-64f2ad 1350->1352 1353 64f295-64f2a0 call 6617d8 1352->1353 1354 64f2af-64f2b0 1352->1354 1353->1350 1357 64f2b1-64f2b5 1353->1357 1358 5721d0-572220 call 5721b0 call 650efb call 650651 1357->1358 1359 64f2bb 1357->1359 1359->1359
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 0057220E
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              • Associated: 00000008.00000002.3273933375.0000000000570000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274002949.00000000006A3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274200285.00000000006A8000.00000008.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274233621.00000000006AB000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274263488.00000000006AC000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274295748.00000000006B6000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274325253.00000000006B7000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274363388.00000000006B8000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274595752.0000000000810000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274651675.0000000000812000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274697776.000000000082C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274727274.000000000082E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.000000000082F000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.0000000000838000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274831437.000000000083C000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274871919.0000000000844000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274914274.000000000084B000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274955028.000000000084C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275002848.0000000000854000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275039466.0000000000856000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275070774.0000000000865000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275107825.0000000000866000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275139356.000000000086E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275173148.000000000087A000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275223517.000000000089A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.000000000089B000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D5000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275404756.0000000000902000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275448792.0000000000903000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.0000000000904000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.000000000090A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275561073.0000000000919000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275599085.000000000091A000.00000080.00000001.01000000.00000005.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_copy
              • String ID: `!W$`!W
              • API String ID: 2659868963-1309570094
              • Opcode ID: 71a4381bf4a94cb23807b68b7fced65b72febeef5bd6e0e83da91903183b439d
              • Instruction ID: 239c4bd74814bc276a4c5e9f19642c852de1349d89f76b5ba3a139b91909232f
              • Opcode Fuzzy Hash: 71a4381bf4a94cb23807b68b7fced65b72febeef5bd6e0e83da91903183b439d
              • Instruction Fuzzy Hash: C1012B3550430DABCB14AF98EC0289A7BEEEA01310F548439FE1CDB691EB70E954C794

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1366 57a690-57a6a7 call 64e812 1369 57a6fe-57a722 call 64e4bb call 64e812 1366->1369 1370 57a6a9-57a6ab 1366->1370 1383 57a724-57a73e call 64e823 1369->1383 1384 57a73f-57a745 call 64e4bb 1369->1384 1372 57a6e7 1370->1372 1373 57a6ad-57a6af 1370->1373 1374 57a6e9-57a6fd call 64e823 1372->1374 1376 57a6b2-57a6b7 1373->1376 1376->1376 1379 57a6b9-57a6bb 1376->1379 1379->1372 1382 57a6bd-57a6c7 GetFileAttributesA 1379->1382 1385 57a6e3-57a6e5 1382->1385 1386 57a6c9-57a6d2 1382->1386 1385->1374 1386->1385 1392 57a6d4-57a6d7 1386->1392 1392->1385 1394 57a6d9-57a6dc 1392->1394 1394->1385 1395 57a6de-57a6e1 1394->1395 1395->1372 1395->1385
              APIs
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              • Associated: 00000008.00000002.3273933375.0000000000570000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274002949.00000000006A3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274200285.00000000006A8000.00000008.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274233621.00000000006AB000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274263488.00000000006AC000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274295748.00000000006B6000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274325253.00000000006B7000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274363388.00000000006B8000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274595752.0000000000810000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274651675.0000000000812000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274697776.000000000082C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274727274.000000000082E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.000000000082F000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.0000000000838000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274831437.000000000083C000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274871919.0000000000844000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274914274.000000000084B000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274955028.000000000084C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275002848.0000000000854000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275039466.0000000000856000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275070774.0000000000865000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275107825.0000000000866000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275139356.000000000086E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275173148.000000000087A000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275223517.000000000089A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.000000000089B000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D5000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275404756.0000000000902000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275448792.0000000000903000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.0000000000904000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.000000000090A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275561073.0000000000919000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275599085.000000000091A000.00000080.00000001.01000000.00000005.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: Mtx_unlock$AttributesFile
              • String ID:
              • API String ID: 1886074773-0
              • Opcode ID: 8a10280f15d237c511ffb552f9ad795afe609a3afbb440fe105feabaa00ecc3a
              • Instruction ID: 3c0ee3c0a6b85f00b0364e2a114d3f4430df31e3274e5f988b9b44dabc7aadeb
              • Opcode Fuzzy Hash: 8a10280f15d237c511ffb552f9ad795afe609a3afbb440fe105feabaa00ecc3a
              • Instruction Fuzzy Hash: AB01D6A2E491212A5E7821B43C564BF6D4AFA93768B2D8936FC09C6247F503DD0165D3

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1396 5e0560-5e057f 1397 5e06a9 call 572270 1396->1397 1398 5e0585-5e0598 1396->1398 1403 5e06ae call 5721d0 1397->1403 1399 5e059a 1398->1399 1400 5e05c0-5e05c8 1398->1400 1402 5e059c-5e05a1 1399->1402 1404 5e05ca-5e05cf 1400->1404 1405 5e05d1-5e05d5 1400->1405 1406 5e05a4-5e05a5 call 64f290 1402->1406 1411 5e06b3-5e06b8 call 6547b0 1403->1411 1404->1402 1408 5e05d9-5e05e1 1405->1408 1409 5e05d7 1405->1409 1414 5e05aa-5e05af 1406->1414 1412 5e05e3-5e05e8 1408->1412 1413 5e05f0-5e05f2 1408->1413 1409->1408 1412->1403 1416 5e05ee 1412->1416 1417 5e05f4-5e05ff call 64f290 1413->1417 1418 5e0601 1413->1418 1414->1411 1420 5e05b5-5e05be 1414->1420 1416->1406 1419 5e0603-5e0629 1417->1419 1418->1419 1424 5e062b-5e0655 call 650f70 call 6514f0 1419->1424 1425 5e0680-5e06a6 call 650f70 call 6514f0 1419->1425 1420->1419 1434 5e0669-5e067d call 64f511 1424->1434 1435 5e0657-5e0665 1424->1435 1435->1411 1436 5e0667 1435->1436 1436->1434
              APIs
              • Concurrency::cancel_current_task.LIBCPMT ref: 005E06AE
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              • Associated: 00000008.00000002.3273933375.0000000000570000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274002949.00000000006A3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274200285.00000000006A8000.00000008.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274233621.00000000006AB000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274263488.00000000006AC000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274295748.00000000006B6000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274325253.00000000006B7000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274363388.00000000006B8000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274595752.0000000000810000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274651675.0000000000812000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274697776.000000000082C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274727274.000000000082E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.000000000082F000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.0000000000838000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274831437.000000000083C000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274871919.0000000000844000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274914274.000000000084B000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274955028.000000000084C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275002848.0000000000854000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275039466.0000000000856000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275070774.0000000000865000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275107825.0000000000866000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275139356.000000000086E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275173148.000000000087A000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275223517.000000000089A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.000000000089B000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D5000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275404756.0000000000902000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275448792.0000000000903000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.0000000000904000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.000000000090A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275561073.0000000000919000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275599085.000000000091A000.00000080.00000001.01000000.00000005.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: Concurrency::cancel_current_task
              • String ID: 5X
              • API String ID: 118556049-3676709275
              • Opcode ID: 704878a6fb962aec51445f9c7907984ce5d7d965d91800b1a8fb89f3cbd27ced
              • Instruction ID: 22d6fdfd7eb2f3b5125fd676be289f3654354ece26c276f972b326d39730b22b
              • Opcode Fuzzy Hash: 704878a6fb962aec51445f9c7907984ce5d7d965d91800b1a8fb89f3cbd27ced
              • Instruction Fuzzy Hash: E041E572A001549BCB19EF69D88066E7FA6BF89310F14056AFC45DB382D770DEA08BE1

              Control-flow Graph

              • Executed
              APIs
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              • Associated: 00000008.00000002.3273933375.0000000000570000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3274002949.00000000006A3000.00000040.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3274200285.00000000006A8000.00000008.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3274233621.00000000006AB000.00000004.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3274263488.00000000006AC000.00000040.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3274295748.00000000006B6000.00000080.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3274325253.00000000006B7000.00000040.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3274363388.00000000006B8000.00000080.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3274595752.0000000000810000.00000040.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3274651675.0000000000812000.00000080.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3274697776.000000000082C000.00000040.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3274727274.000000000082E000.00000080.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3274753399.000000000082F000.00000040.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3274753399.0000000000838000.00000040.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3274831437.000000000083C000.00000080.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3274871919.0000000000844000.00000040.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3274914274.000000000084B000.00000080.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3274955028.000000000084C000.00000040.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3275002848.0000000000854000.00000080.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3275039466.0000000000856000.00000040.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3275070774.0000000000865000.00000080.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3275107825.0000000000866000.00000040.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3275139356.000000000086E000.00000080.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3275173148.000000000087A000.00000040.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3275223517.000000000089A000.00000080.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3275268863.000000000089B000.00000040.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3275268863.00000000008D3000.00000040.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3275268863.00000000008D5000.00000040.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3275404756.0000000000902000.00000080.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3275448792.0000000000903000.00000040.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3275483019.0000000000904000.00000080.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3275483019.000000000090A000.00000080.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3275561073.0000000000919000.00000040.00000001.01000000.00000005.sdmpDownload File
              • Associated: 00000008.00000002.3275599085.000000000091A000.00000080.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: __fread_nolock
              • String ID:
              • API String ID: 2638373210-0
              • Opcode ID: 50572929f7ddcad43e8e4ed890fd7e4b86808fc17b9dc722014a59671a1501f2
              • Instruction ID: 3190474fed5c2db0b4832a97588897d772f07a00b503be8c225ce70479c44108
              • Opcode Fuzzy Hash: 50572929f7ddcad43e8e4ed890fd7e4b86808fc17b9dc722014a59671a1501f2
              • Instruction Fuzzy Hash: A8B14970900205AFDB18DF68DC4AB9EBFE9FF81700F10856DF8099B682D7B59A45C792

              Control-flow Graph

              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 405a5c54fb466bb4ee78030aa7a0b97c5c61180746e087f2056883dda29f0d85
              • Instruction ID: 468ab25ee595f5458323cdc51065150e18d7f0e9580fabd6268519601bc223aa
              • Opcode Fuzzy Hash: 405a5c54fb466bb4ee78030aa7a0b97c5c61180746e087f2056883dda29f0d85
              • Instruction Fuzzy Hash: A1B1F670A04245AFDB11DFA9D840BAEBBB3AF46314F14425CF95597382CB70ED42CB54

              Control-flow Graph

              APIs
              • WriteFile.KERNELBASE(?,00000000,00659087,?,00000000,00000000,00000000,?,00000000,?,0064E5B1,00659087,00000000,0064E5B1,?,?), ref: 00665622
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: FileWrite
              • String ID:
              • API String ID: 3934441357-0
              • Opcode ID: 28537a665087d259a599291005749cc5e0563718b5dbc6d44496297306013eb6
              • Instruction ID: ef7a65605c5206ac514d1be2eab598a6c4d4de977ead6d9374d2dbf2aea2ba1c
              • Opcode Fuzzy Hash: 28537a665087d259a599291005749cc5e0563718b5dbc6d44496297306013eb6
              • Instruction Fuzzy Hash: 6C61B371D04519AFDF11DFA8C886EEEBBBBAF49308F140189F806A7215D731D911CBA0

              Control-flow Graph

              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7cbd9bb83d194dc881bf088fdfa375ac6c4b581206a08da0f38900821e9669df
              • Instruction ID: 1911504db033caa0b016e1854b838425889933a687a5423ed9ba120d93cea9f8
              • Opcode Fuzzy Hash: 7cbd9bb83d194dc881bf088fdfa375ac6c4b581206a08da0f38900821e9669df
              • Instruction Fuzzy Hash: 8F51E970A00108AFDF54CF58CC81AAA7FB2EF45369F248198FC495B356D7319E85CB94

              Control-flow Graph

              APIs
              • FindCloseChangeNotification.KERNELBASE(00000000,00000000,CF830579,?,006649F9,00000000,CF830579,006A1140,0000000C,00664AB5,00658BBD,?), ref: 00664B69
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: ChangeCloseFindNotification
              • String ID:
              • API String ID: 2591292051-0
              • Opcode ID: 050309f98e629900331700137353dee280c3339fcdffe5d9e06b8b75480468af
              • Instruction ID: e9322ac82e1afd50a417a3180c29043da5e044f78c1919c684bdef14e82b4b92
              • Opcode Fuzzy Hash: 050309f98e629900331700137353dee280c3339fcdffe5d9e06b8b75480468af
              • Instruction Fuzzy Hash: 0111483360412417C7647274E841BBEA74BCB837B4F39060DF9149B2C2EE21E8819549

              Control-flow Graph
              APIs
              • SetFilePointerEx.KERNELBASE(00000000,00000000,006A0DF8,0064E5B1,00000002,0064E5B1,00000000,?,?,?,0065E166,00000000,?,0064E5B1,00000002,006A0DF8), ref: 0065E099
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: FilePointer
              • String ID:
              • API String ID: 973152223-0
              • Opcode ID: 6a84d22214f6e81f5c526728809ce82731d5989bdf3f7a0226ae09562de4d25d
              • Instruction ID: b98fb2a196d26059a1159c5bcdea863c26eccc353e460ea753c3c1f7efca0ef8
              • Opcode Fuzzy Hash: 6a84d22214f6e81f5c526728809ce82731d5989bdf3f7a0226ae09562de4d25d
              • Instruction Fuzzy Hash: 26012632614119ABCF09DF58CC05C9E3B2BDB86335F240248FC519B2D1E6B2EA518BD0

              Control-flow Graph
              APIs
              • RtlAllocateHeap.NTDLL(00000008,0064D6FA,00000004,?,00665D79,00000001,00000364,00000004,00000007,000000FF,?,0065067B,00000002,00000000,?,?), ref: 00666435
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0
              • Opcode ID: 735d98e4503f0a17abf93d301044afeace504524b6dfa5106edd8df2d54a73a5
              • Instruction ID: f24e8e8186cb92b849aac94835a2fa54214ad58ababc755a49e4338a65bd0022
              • Opcode Fuzzy Hash: 735d98e4503f0a17abf93d301044afeace504524b6dfa5106edd8df2d54a73a5
              • Instruction Fuzzy Hash: CAF08931505124669B616F62FC06BAB7BCFDF51764F15C055FC08D6280CE70E81146F5

              Control-flow Graph
              APIs
              • RtlAllocateHeap.NTDLL(00000000,00000004,00000000,?,0065067B,00000002,00000000,?,?,?,0057303D,0064D6FA,00000004,00000000,0064D6FA), ref: 00666E60
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0
              • Opcode ID: 18f11145dff118bcc9e47149f3ebe90261319a212eb6a4f36f91d61bfc62c966
              • Instruction ID: 361bd5db6fa3c6d9aa41d6b2dc3066818b83b988352fbbc7a70540c378b9a274
              • Opcode Fuzzy Hash: 18f11145dff118bcc9e47149f3ebe90261319a212eb6a4f36f91d61bfc62c966
              • Instruction Fuzzy Hash: 09E0ED399086216ADB302666ED00BAB7A4B8B823A1F050120FE04D62D0CB22D80081A8
              APIs
              • Process32Next.KERNEL32(00000000,00000128), ref: 0057DAB0
              • Process32Next.KERNEL32(00000000,?), ref: 0057DAF8
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: NextProcess32
              • String ID: ?$EIJ$IOQW$agnd$bqZP$d;"&$ec`v$jjst$oo$rAKq$rnql$za@r${~RL
              • API String ID: 1850201408-2823651170
              • Opcode ID: c45aad5a9169ac3740635b699f5bb512dc52f29ff9305413297050765ca9215d
              • Instruction ID: 9f845af1988a6020f2e478151d3423690ede808db59ef60d47a9efd409a2a69e
              • Opcode Fuzzy Hash: c45aad5a9169ac3740635b699f5bb512dc52f29ff9305413297050765ca9215d
              • Instruction Fuzzy Hash: 0CF15DB191122D9AEB20EB94DC45BEEBBB8FF55300F4044D9E54DB6242EB705B88CF61
              APIs
              • std::_Lockit::_Lockit.LIBCPMT ref: 005DF833
              • std::_Lockit::_Lockit.LIBCPMT ref: 005DF855
              • std::_Lockit::~_Lockit.LIBCPMT ref: 005DF875
              • std::_Lockit::~_Lockit.LIBCPMT ref: 005DF89F
              • std::_Lockit::_Lockit.LIBCPMT ref: 005DF90D
              • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 005DF959
              • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 005DF973
              • std::_Lockit::~_Lockit.LIBCPMT ref: 005DFA08
              • std::_Facet_Register.LIBCPMT ref: 005DFA15
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_$Facet_Locinfo_ctorLocinfo_dtorRegister
              • String ID: bad locale name$"i
              • API String ID: 3375549084-3647989590
              • Opcode ID: 801012308083716df16281b48e833d7758b8e76275ec47528103a7afb432c447
              • Instruction ID: 4432a753b094d25085412e8577f1b4ae9b62cb0a33d66d3dcdc2edc9743f9d1b
              • Opcode Fuzzy Hash: 801012308083716df16281b48e833d7758b8e76275ec47528103a7afb432c447
              • Instruction Fuzzy Hash: 1A619F71D00248DBDF20EFA8D845B9EBFB5BF04310F18446AE805A7381D775E905CB96
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 0057799A
              • ___std_exception_copy.LIBVCRUNTIME ref: 00577B75
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              • Associated: 00000008.00000002.3275599085.000000000091A000.00000080.00000001.01000000.00000005.sdmpDownload File
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_copy
              • String ID: `!W$`!W$out_of_range$type_error
              • API String ID: 2659868963-3966042102
              • Opcode ID: c3f394b604a6400d670fb2c1541377d725f11dbbd0b3b3c0172f246a584f23fb
              • Instruction ID: 1c36af2bdfb6674e7721e5e4850c4593e512c767effb9a7533273ffff2de5b4b
              • Opcode Fuzzy Hash: c3f394b604a6400d670fb2c1541377d725f11dbbd0b3b3c0172f246a584f23fb
              • Instruction Fuzzy Hash: 82C14AB19002089FDB58DFA8E98479DBFF6FF48300F14866AE419EB752E77499808B54
              APIs
              • ___std_exception_destroy.LIBVCRUNTIME ref: 005775BE
              • ___std_exception_destroy.LIBVCRUNTIME ref: 005775CD
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
               • Associated: 00000008.00000002.3273933375.0000000000570000.00000004.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274002949.00000000006A3000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274200285.00000000006A8000.00000008.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274233621.00000000006AB000.00000004.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274263488.00000000006AC000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274295748.00000000006B6000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274325253.00000000006B7000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274363388.00000000006B8000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274595752.0000000000810000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274651675.0000000000812000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274697776.000000000082C000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274727274.000000000082E000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274753399.000000000082F000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274753399.0000000000838000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274831437.000000000083C000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274871919.0000000000844000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274914274.000000000084B000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274955028.000000000084C000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275002848.0000000000854000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275039466.0000000000856000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275070774.0000000000865000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275107825.0000000000866000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275139356.000000000086E000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275173148.000000000087A000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275223517.000000000089A000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275268863.000000000089B000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275268863.00000000008D3000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275268863.00000000008D5000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275404756.0000000000902000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275448792.0000000000903000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275483019.0000000000904000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275483019.000000000090A000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275561073.0000000000919000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275599085.000000000091A000.00000080.00000001.01000000.00000005.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_destroy
              • String ID: at line $, column $`!W$yoW
              • API String ID: 4194217158-2070846131
              • Opcode ID: 04ebfc116621a802f40cb6bf2b21422d5854d261a085ce556847a0f1a0c8f29e
              • Instruction ID: dceb183647ac194e536b23ea3c8d450fe62e244821905abe742a264cf26e6752
              • Opcode Fuzzy Hash: 04ebfc116621a802f40cb6bf2b21422d5854d261a085ce556847a0f1a0c8f29e
              • Instruction Fuzzy Hash: 4961C771A042099FDB08DF68EC85B9DBFB6FF48300F14862CE41997782D774AA449B95
              APIs
              • std::_Lockit::_Lockit.LIBCPMT ref: 00573A58
              • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00573AA4
              • __Getctype.LIBCPMT ref: 00573ABA
              • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00573AE6
              • std::_Lockit::~_Lockit.LIBCPMT ref: 00573B7B
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
               • Associated: 00000008.00000002.3273933375.0000000000570000.00000004.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274002949.00000000006A3000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274200285.00000000006A8000.00000008.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274233621.00000000006AB000.00000004.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274263488.00000000006AC000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274295748.00000000006B6000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274325253.00000000006B7000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274363388.00000000006B8000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274595752.0000000000810000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274651675.0000000000812000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274697776.000000000082C000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274727274.000000000082E000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274753399.000000000082F000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274753399.0000000000838000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274831437.000000000083C000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274871919.0000000000844000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274914274.000000000084B000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274955028.000000000084C000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275002848.0000000000854000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275039466.0000000000856000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275070774.0000000000865000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275107825.0000000000866000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275139356.000000000086E000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275173148.000000000087A000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275223517.000000000089A000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275268863.000000000089B000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275268863.00000000008D3000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275268863.00000000008D5000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275404756.0000000000902000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275448792.0000000000903000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275483019.0000000000904000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275483019.000000000090A000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275561073.0000000000919000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275599085.000000000091A000.00000080.00000001.01000000.00000005.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: std::_$Locinfo::_Lockit$GetctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
              • String ID: bad locale name
              • API String ID: 1840309910-1405518554
              • Opcode ID: 418af4c57e355c11785d541a465628ce06f37d14a40fd6016a71fe133b31c8f5
              • Instruction ID: 26c6f7926450587899462a5dc032e12f4ec210f9ad65cb22c28f64c35285e2fd
              • Opcode Fuzzy Hash: 418af4c57e355c11785d541a465628ce06f37d14a40fd6016a71fe133b31c8f5
              • Instruction Fuzzy Hash: 675132B1D002489FDF50DFA4D945B9EBBB9BF14310F148069EC09AB381E775DA08DB95
              APIs
              • LocalAlloc.KERNEL32(00000040,0000001C), ref: 0057B1F0
              • LocalAlloc.KERNEL32(00000040,0000001C,?,00000000,00000000), ref: 0057B239
              • SetupDiGetDeviceInterfaceDetailA.SETUPAPI(?,00000000,00000000,00000000,?,00000000), ref: 0057B26D
              • SetupDiGetDeviceInterfaceDetailA.SETUPAPI(?,?,00000000,?,00000000,00000000), ref: 0057B28F
              • LocalFree.KERNEL32(?,?,?,?,?,00000000,?,00000000,00000000), ref: 0057B2C0
              • LocalFree.KERNEL32(?,?,?,00000000,?,00000000,00000000), ref: 0057B2C5
              • LocalFree.KERNEL32(?,?,?,00000000,?,00000000,00000000), ref: 0057B2C8
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
               • Associated: 00000008.00000002.3273933375.0000000000570000.00000004.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274002949.00000000006A3000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274200285.00000000006A8000.00000008.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274233621.00000000006AB000.00000004.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274263488.00000000006AC000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274295748.00000000006B6000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274325253.00000000006B7000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274363388.00000000006B8000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274595752.0000000000810000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274651675.0000000000812000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274697776.000000000082C000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274727274.000000000082E000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274753399.000000000082F000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274753399.0000000000838000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274831437.000000000083C000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274871919.0000000000844000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274914274.000000000084B000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274955028.000000000084C000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275002848.0000000000854000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275039466.0000000000856000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275070774.0000000000865000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275107825.0000000000866000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275139356.000000000086E000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275173148.000000000087A000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275223517.000000000089A000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275268863.000000000089B000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275268863.00000000008D3000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275268863.00000000008D5000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275404756.0000000000902000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275448792.0000000000903000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275483019.0000000000904000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275483019.000000000090A000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275561073.0000000000919000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275599085.000000000091A000.00000080.00000001.01000000.00000005.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: Local$Free$AllocDetailDeviceInterfaceSetup
              • String ID:
              • API String ID: 4232148138-0
              • Opcode ID: 4a61beaf0884658d463213450f9db647f8e9cfacf6b6255967c8f485f32b6a30
              • Instruction ID: 5c19e79ddefa64afa2ab762e266da89052a8b468d11f640d21e410e47f063255
              • Opcode Fuzzy Hash: 4a61beaf0884658d463213450f9db647f8e9cfacf6b6255967c8f485f32b6a30
              • Instruction Fuzzy Hash: 14414EB1941309AFDB60DFA9DC41BAEBBF5FB48700F10452AE519E3251E77499008B50
              APIs
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00574F72
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00574FFF
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
               • Associated: 00000008.00000002.3273933375.0000000000570000.00000004.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274002949.00000000006A3000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274200285.00000000006A8000.00000008.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274233621.00000000006AB000.00000004.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274263488.00000000006AC000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274295748.00000000006B6000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274325253.00000000006B7000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274363388.00000000006B8000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274595752.0000000000810000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274651675.0000000000812000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274697776.000000000082C000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274727274.000000000082E000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274753399.000000000082F000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274753399.0000000000838000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274831437.000000000083C000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274871919.0000000000844000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274914274.000000000084B000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274955028.000000000084C000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275002848.0000000000854000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275039466.0000000000856000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275070774.0000000000865000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275107825.0000000000866000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275139356.000000000086E000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275173148.000000000087A000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275223517.000000000089A000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275268863.000000000089B000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275268863.00000000008D3000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275268863.00000000008D5000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275404756.0000000000902000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275448792.0000000000903000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275483019.0000000000904000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275483019.000000000090A000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275561073.0000000000919000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275599085.000000000091A000.00000080.00000001.01000000.00000005.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_destroy
              • String ID: ", "$: "$`!W
              • API String ID: 4194217158-865532658
              • Opcode ID: 5e9e06aa24b5b4b97bf37eafb235e5d202e81d584032ab294a481369df221830
              • Instruction ID: ce7125582c36f31b5045869a68db7bae7a15c8ee6ce7eece0f275ffdacc786e0
              • Opcode Fuzzy Hash: 5e9e06aa24b5b4b97bf37eafb235e5d202e81d584032ab294a481369df221830
              • Instruction Fuzzy Hash: 45C1F4709002058FDB28DF68D849B6EBBFAFF44300F14892DE45A97782E774A944CBA5
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 005732C6
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00573350
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
               • Associated: 00000008.00000002.3273933375.0000000000570000.00000004.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274002949.00000000006A3000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274200285.00000000006A8000.00000008.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274233621.00000000006AB000.00000004.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274263488.00000000006AC000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274295748.00000000006B6000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274325253.00000000006B7000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274363388.00000000006B8000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274595752.0000000000810000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274651675.0000000000812000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274697776.000000000082C000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274727274.000000000082E000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274753399.000000000082F000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274753399.0000000000838000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274831437.000000000083C000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274871919.0000000000844000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274914274.000000000084B000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3274955028.000000000084C000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275002848.0000000000854000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275039466.0000000000856000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275070774.0000000000865000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275107825.0000000000866000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275139356.000000000086E000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275173148.000000000087A000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275223517.000000000089A000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275268863.000000000089B000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275268863.00000000008D3000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275268863.00000000008D5000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275404756.0000000000902000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275448792.0000000000903000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275483019.0000000000904000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275483019.000000000090A000.00000080.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275561073.0000000000919000.00000040.00000001.01000000.00000005.sdmp
               • Associated: 00000008.00000002.3275599085.000000000091A000.00000080.00000001.01000000.00000005.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_copy___std_exception_destroy
              • String ID: @3W$`!W$`!W
              • API String ID: 2970364248-2254862971
              • Opcode ID: 073f5f322dfeec1c76671ec605106b207f02555883281553bf0b9de61f8cc980
              • Instruction ID: 9ca9d5c49881c98053fdeab6731ce3c3b1bfb9768a6f4ef50342b8e76cffc6cc
              • Opcode Fuzzy Hash: 073f5f322dfeec1c76671ec605106b207f02555883281553bf0b9de61f8cc980
              • Instruction Fuzzy Hash: 0A519B759002089FDB18CF98D885BDEBFB6FF48310F14812EE819A7382D7749A41DB90
              APIs
                • Part of subcall function 00573190: ___std_exception_copy.LIBVCRUNTIME ref: 005732C6
              • ___std_exception_copy.LIBVCRUNTIME ref: 0057345F
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              • Associated: 00000008.00000002.3273933375.0000000000570000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274002949.00000000006A3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274200285.00000000006A8000.00000008.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274233621.00000000006AB000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274263488.00000000006AC000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274295748.00000000006B6000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274325253.00000000006B7000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274363388.00000000006B8000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274595752.0000000000810000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274651675.0000000000812000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274697776.000000000082C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274727274.000000000082E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.000000000082F000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.0000000000838000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274831437.000000000083C000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274871919.0000000000844000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274914274.000000000084B000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274955028.000000000084C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275002848.0000000000854000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275039466.0000000000856000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275070774.0000000000865000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275107825.0000000000866000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275139356.000000000086E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275173148.000000000087A000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275223517.000000000089A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.000000000089B000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D5000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275404756.0000000000902000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275448792.0000000000903000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.0000000000904000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.000000000090A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275561073.0000000000919000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275599085.000000000091A000.00000080.00000001.01000000.00000005.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_copy
              • String ID: +4W$@3W$@3W$`!W
              • API String ID: 2659868963-806670365
              • Opcode ID: 08a8ddb1aa18281f980a96ac58ce819bda57acd98c82f3f75bd0d063ab12edc2
              • Instruction ID: 918fea9a37f8cd214a50696b723ab04dde42f5a42de1cb39742ad5218c2d2234
              • Opcode Fuzzy Hash: 08a8ddb1aa18281f980a96ac58ce819bda57acd98c82f3f75bd0d063ab12edc2
              • Instruction Fuzzy Hash: C231B4729002099FCB18DFA8D845A9EFFF9FF08310F10852AF518D7641E770A654DB95
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 005DD06F
              • ___std_exception_copy.LIBVCRUNTIME ref: 005DD096
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              • Associated: 00000008.00000002.3273933375.0000000000570000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274002949.00000000006A3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274200285.00000000006A8000.00000008.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274233621.00000000006AB000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274263488.00000000006AC000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274295748.00000000006B6000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274325253.00000000006B7000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274363388.00000000006B8000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274595752.0000000000810000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274651675.0000000000812000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274697776.000000000082C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274727274.000000000082E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.000000000082F000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.0000000000838000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274831437.000000000083C000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274871919.0000000000844000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274914274.000000000084B000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274955028.000000000084C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275002848.0000000000854000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275039466.0000000000856000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275070774.0000000000865000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275107825.0000000000866000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275139356.000000000086E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275173148.000000000087A000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275223517.000000000089A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.000000000089B000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D5000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275404756.0000000000902000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275448792.0000000000903000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.0000000000904000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.000000000090A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275561073.0000000000919000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275599085.000000000091A000.00000080.00000001.01000000.00000005.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_copy
              • String ID: `!W$`!W$uW
              • API String ID: 2659868963-58997078
              • Opcode ID: 7f86f9905bd1a33d11d35b496be1e4d26b91e6ed885aeebb1ece0b751b307457
              • Instruction ID: 9e7c2f3d5726a3ed1a309604d316bbc60cde08ab48c2ffa2e75457d0e29a8fe3
              • Opcode Fuzzy Hash: 7f86f9905bd1a33d11d35b496be1e4d26b91e6ed885aeebb1ece0b751b307457
              • Instruction Fuzzy Hash: 6B01A4B6500606AF9704DF59D445882FBF9FB58710704852BA929CBB11E7B0E528CFA4
              APIs
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00576F11
              • ___std_exception_destroy.LIBVCRUNTIME ref: 00576F20
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              • Associated: 00000008.00000002.3273933375.0000000000570000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274002949.00000000006A3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274200285.00000000006A8000.00000008.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274233621.00000000006AB000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274263488.00000000006AC000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274295748.00000000006B6000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274325253.00000000006B7000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274363388.00000000006B8000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274595752.0000000000810000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274651675.0000000000812000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274697776.000000000082C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274727274.000000000082E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.000000000082F000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.0000000000838000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274831437.000000000083C000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274871919.0000000000844000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274914274.000000000084B000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274955028.000000000084C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275002848.0000000000854000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275039466.0000000000856000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275070774.0000000000865000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275107825.0000000000866000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275139356.000000000086E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275173148.000000000087A000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275223517.000000000089A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.000000000089B000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D5000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275404756.0000000000902000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275448792.0000000000903000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.0000000000904000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.000000000090A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275561073.0000000000919000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275599085.000000000091A000.00000080.00000001.01000000.00000005.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_destroy
              • String ID: [json.exception.$`!W
              • API String ID: 4194217158-964591096
              • Opcode ID: 863e6945141acf6f43bcccfadb53f380f7bedfc0f53ee5ea5d4e1d4630dbba13
              • Instruction ID: 185c66fc76caf31ced68849e9dc5d37921342f763a7362a86ee6353eac3dea47
              • Opcode Fuzzy Hash: 863e6945141acf6f43bcccfadb53f380f7bedfc0f53ee5ea5d4e1d4630dbba13
              • Instruction Fuzzy Hash: 5991C470A006059FDB18CF68D984B9EBFF6FF44300F20856CE459AB792D771AA45CB91
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 00577D67
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              • Associated: 00000008.00000002.3273933375.0000000000570000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274002949.00000000006A3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274200285.00000000006A8000.00000008.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274233621.00000000006AB000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274263488.00000000006AC000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274295748.00000000006B6000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274325253.00000000006B7000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274363388.00000000006B8000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274595752.0000000000810000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274651675.0000000000812000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274697776.000000000082C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274727274.000000000082E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.000000000082F000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.0000000000838000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274831437.000000000083C000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274871919.0000000000844000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274914274.000000000084B000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274955028.000000000084C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275002848.0000000000854000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275039466.0000000000856000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275070774.0000000000865000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275107825.0000000000866000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275139356.000000000086E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275173148.000000000087A000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275223517.000000000089A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.000000000089B000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D5000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275404756.0000000000902000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275448792.0000000000903000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.0000000000904000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.000000000090A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275561073.0000000000919000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275599085.000000000091A000.00000080.00000001.01000000.00000005.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_copy
              • String ID: `!W$`!W$other_error
              • API String ID: 2659868963-2305695082
              • Opcode ID: 05c38ca3a9fb68d44ad3a0295e739def463a60fa5a650624e1540a8620d0fe75
              • Instruction ID: 1e31358a7312dac2a563bff9b91322171b857d1c301f8f563eeeefebea0f9329
              • Opcode Fuzzy Hash: 05c38ca3a9fb68d44ad3a0295e739def463a60fa5a650624e1540a8620d0fe75
              • Instruction Fuzzy Hash: B1516BB0D002089FDB58CFA8E88479DBFF6BF48300F148269E459EB752E7749984CB54
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 005750C8
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              • Associated: 00000008.00000002.3273933375.0000000000570000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274002949.00000000006A3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274200285.00000000006A8000.00000008.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274233621.00000000006AB000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274263488.00000000006AC000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274295748.00000000006B6000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274325253.00000000006B7000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274363388.00000000006B8000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274595752.0000000000810000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274651675.0000000000812000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274697776.000000000082C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274727274.000000000082E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.000000000082F000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.0000000000838000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274831437.000000000083C000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274871919.0000000000844000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274914274.000000000084B000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274955028.000000000084C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275002848.0000000000854000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275039466.0000000000856000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275070774.0000000000865000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275107825.0000000000866000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275139356.000000000086E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275173148.000000000087A000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275223517.000000000089A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.000000000089B000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D5000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275404756.0000000000902000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275448792.0000000000903000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.0000000000904000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.000000000090A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275561073.0000000000919000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275599085.000000000091A000.00000080.00000001.01000000.00000005.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_copy
              • String ID: @3W$`!W$recursive_directory_iterator::operator++
              • API String ID: 2659868963-812295300
              • Opcode ID: 6dc4b373d35d6dc1ba185135b896fb7721cc38aa11ebca49021e33f20a700460
              • Instruction ID: 3e66944857db0ac5f416570417656943591eaf99c34ef1ff32cf8df9825ada91
              • Opcode Fuzzy Hash: 6dc4b373d35d6dc1ba185135b896fb7721cc38aa11ebca49021e33f20a700460
              • Instruction Fuzzy Hash: 0A3182B5800609EFC714DF54D945F8ABBFCFB45710F00866AE92A93781EB74BA14CBA1
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 005EB3DF
              • ___std_exception_copy.LIBVCRUNTIME ref: 005EB406
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              • Associated: 00000008.00000002.3273933375.0000000000570000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274002949.00000000006A3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274200285.00000000006A8000.00000008.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274233621.00000000006AB000.00000004.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274263488.00000000006AC000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274295748.00000000006B6000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274325253.00000000006B7000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274363388.00000000006B8000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274595752.0000000000810000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274651675.0000000000812000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274697776.000000000082C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274727274.000000000082E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.000000000082F000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274753399.0000000000838000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274831437.000000000083C000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274871919.0000000000844000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274914274.000000000084B000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3274955028.000000000084C000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275002848.0000000000854000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275039466.0000000000856000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275070774.0000000000865000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275107825.0000000000866000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275139356.000000000086E000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275173148.000000000087A000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275223517.000000000089A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.000000000089B000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D3000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275268863.00000000008D5000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275404756.0000000000902000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275448792.0000000000903000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.0000000000904000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275483019.000000000090A000.00000080.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275561073.0000000000919000.00000040.00000001.01000000.00000005.sdmp
              • Associated: 00000008.00000002.3275599085.000000000091A000.00000080.00000001.01000000.00000005.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_copy
              • String ID: `!W$`!W
              • API String ID: 2659868963-1309570094
              • Opcode ID: cb88ca37825e92ddba369fd583aaab8085c520398e602967afe0691cc128a525
              • Instruction ID: 78490c40412956a3a4500f76cf44c39202781701899adc30337679bbcf4b3ebe
              • Opcode Fuzzy Hash: cb88ca37825e92ddba369fd583aaab8085c520398e602967afe0691cc128a525
              • Instruction Fuzzy Hash: 77F0C4B6500606AF9708DF58D405886BBE9FA54710705852BE52ACBB01E7B0E528CBA4
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 00573078
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_copy
              • String ID: `!W$`!W
              • API String ID: 2659868963-1309570094
              • Opcode ID: 46834f4df1ecd55b4aa1205a7e9ec62518393eda9536ea2e252bed7e4ca4bd95
              • Instruction ID: 3ab35861491ba84314fca1011bdd5871c689b915b080ae35dbc355ef9549fd0a
              • Opcode Fuzzy Hash: 46834f4df1ecd55b4aa1205a7e9ec62518393eda9536ea2e252bed7e4ca4bd95
              • Instruction Fuzzy Hash: 7BE012B69053089BC710DFA8D8459CAFFF8AB19701F14C6BAE948D7301F6B0D5548BD5
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 005730AE
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_copy
              • String ID: `!W$`!W
              • API String ID: 2659868963-1309570094
              • Opcode ID: 6a875beb7af8cd0826c44e8cf92bde6394dff30081b879ca02400d6f08f4591a
              • Instruction ID: 787746f53ecc4a668d5880140d964008c5d3a140de443cd86299eeb77bf4f77d
              • Opcode Fuzzy Hash: 6a875beb7af8cd0826c44e8cf92bde6394dff30081b879ca02400d6f08f4591a
              • Instruction Fuzzy Hash: 14E017B26042189FD718DF88E805C86BFEDEB15755745C43EF64DDB301E6B0E8248BA8
              APIs
              • ___std_exception_copy.LIBVCRUNTIME ref: 0057224E
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.3274002949.0000000000571000.00000040.00000001.01000000.00000005.sdmp, Offset: 00570000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_8_2_570000_RageMP131.jbxd
              Yara matches
              Similarity
              • API ID: ___std_exception_copy
              • String ID: `!W$`!W
              • API String ID: 2659868963-1309570094
              • Opcode ID: 9422a05edc101d84051c1e413902affd673cd1077de424739517e15d869d36a0
              • Instruction ID: 57985fab7dc98aac6c42500ac0b59842d380082e2ae0c9e5ecbe7ee87899265f
              • Opcode Fuzzy Hash: 9422a05edc101d84051c1e413902affd673cd1077de424739517e15d869d36a0
              • Instruction Fuzzy Hash: DBE0E2B2A042149BD7189F88E801886BBEDAA15755745C43EF649DB301E6B0E8248BA8